Bentley Response to Blackbaud Data Security Incident
On July 16, 2020, Bentley University was notified by a former third-party vendor, Blackbaud, that the company had been the target of a data security incident involving cybercriminals in May 2020. Blackbaud is one of the world’s largest providers of education administration, fundraising and financial management software for non-profits. Bentley was one of many organizations impacted by this cyber-attack aimed at extorting funds from Blackbaud.
The cybercriminals were able to access a subset of Blackbaud’s data, which included some of Bentley University’s donor and prospective donor data. Bentley did not provide any credit card information, bank account information or social security numbers to Blackbaud and does not retain or store this information in our donor and alumni records. However, some personal information collected by Bentley, such as name, address, philanthropic history and relationship with Bentley, was in the Blackbaud database and could have been temporarily accessed during the attack. We have been informed by Blackbaud that their Cyber Security team engaged with independent forensics experts and law enforcement to expel the cybercriminals from the system. Ultimately, Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed from the system had been destroyed. For additional information about this incident and Blackbaud’s response, please visit Blackbaud’s website.
We take information security very seriously, and we regret any inconvenience this may cause any member of the Bentley community. Upon learning of this incident on July 16, Bentley immediately began an investigation to understand what data had been compromised, and we will continue to take all appropriate action with respect to this incident. Bentley has hired independent security experts to advise the university on the appropriate next steps. There is no need for anyone to take any action at this time. Bentley is in close contact with Blackbaud regarding this incident, and we will follow up with anyone we believe may have been directly impacted.
If you have any immediate questions or concerns, please contact cybersecurity@bentley.edu, and Ian Wall, interim vice president and chief information officer, will get back to you as quickly as possible.