Back in July, the BBC reported that Blackbaud, a global provider of education administration, financial management, and fundraising software, was hit by a major data breach in May 2020. At the time, the hack was known to have affected at least nine universities, mostly international ones. But as of today, major universities in the U.S. have also been confirmed to have been affected by the hack.
Those universities include Harvard University. In an email the Harvard Alumni Affairs and Development office sent to Harvard community members this week, the breach was confirmed:
The Blackbaud data breach, discovered in May 2020, may have included demographic data for Harvard community members with a U.S. address, such as names, addresses, employment information, and birthdates, along with philanthropic engagement data. Harvard University has never provided credit card numbers, social security numbers, bank account information, or similar high-risk data to Blackbaud, thus this data was not exposed.
As The Harvard Crimson reports, the hackers originally intended to lock Blackbaud out of its own servers and hold the data ransom until Blackbaud or the universities paid up. However, Blackbaud successfully combated the ransomware attack, but not before the hackers grabbed some data and ran.
The Boston Globe has confirmed that Boston University and Emerson College have also notified students and alumni their data may have been accessed in the attack. Back in July, the BBC said the Rhode Island School of Design’s data was also breached. It’s unknown whether any more U.S. colleges or universities had their data breached in the Blackbaud hack at this time. You can read Blackbaud’s statement on the incident here.