Accessibility Skip to Global Navigation Skip to Local Navigation Skip to Content Skip to Search Skip to Site Map Menu

Blackbaud data incident -
Important information

Thursday 30 July 2020 12:55pm

We have been informed by Blackbaud, the world’s largest provider of not-for-profit database management software, of a recent data security breach involving information on alumni, donors and related groups from universities and charities around the world.


Blackbaud provides the University of Otago with the alumni and fundraising engagement software.

We believe the situation has been resolved, and that our alumni do not need to take any action in response to this incident.

We are seeking clarification from Blackbaud if data from one file sent by the University of Otago to the USA in 2014 may have been affected. This file contained information on a small number of alumni based in the USA at that time. We will be notifying affected people if it is confirmed that their details are involved.

The University has been advised that no passwords, bank details or credit card details were included in the potential breach.

Blackbaud has assured us that the breach has been contained and data are no longer at risk. However, our cyber security team is continuing to work with Blackbaud to confirm this.

 

What happened?

In May 2020, Blackbaud was the victim of a cyber-attack that attempted to encrypt their systems. Although their cybersecurity measures intercepted the attack, the cybercriminal responsible was able to take copies of information belonging to a large number of universities and charities around the world.

To protect the stolen data, Blackbaud negotiated and paid a ransom to the attacker in return for an assurance that the data would be destroyed and no copies of the data would be distributed or retained.

The University has taken the following steps:

  • Informed the Office of the Privacy Commissioner of the data breach.
  • Alerted all University of Otago alumni and donors to the incident.
  • Posted information about the data breach and the response on the University’s Alumni website.

 


We are confident that the incident has been successfully resolved, however we urge our alumni to remain vigilant for any unusual activity.

We take your privacy seriously. You can read more about our privacy policy here https://alumni.otago.ac.nz/about-us-privacy-statement

If you have any questions or concerns regarding this incident, please contact us at otagoalumni@otago.ac.nz

 

Professor Helen Nicholson,
Deputy Vice-Chancellor, External Engagement