In the spirit of maintaining transparency with our Wichita State University family, we want to let you know that on July 16 our third-party vendor, Blackbaud, informed us it was the victim of a data security incident in May 2020. There was no unauthorized access into WSU Foundation systems.
Upon its discovery of the incident, Blackbaud, with the assistance of independent digital forensics experts and law enforcement, conducted an investigation. Please be assured that your Social Security number (we do not keep those in our donor database), bank account number, and credit/debit card information were not involved in the incident, as the WSU Foundation did not share this information with Blackbaud.
The Foundation will continue to work diligently with Blackbaud and our own cybersecurity experts to investigate the incident. We take data protection and privacy very seriously at the Foundation and we have multiple internal systems in place to preserve the integrity of this information. We are grateful for the continued support of our Shocker Family alumni and friends.
The information below relates to a data security incident that occurred at Blackbaud, a third-party service provider of the Wichita State University Foundation. This incident occurred on Blackbaud’s systems, not on the WSU Foundation’s systems. We take our data protection responsibilities very seriously and have launched our own investigation. This website will be updated as we learn more.
Blackbaud is one of the world’s largest providers of customer relationship management systems. It provides record-keeping services for the WSU Foundation, as well as other foundations, health care organizations, and educational institutions within the non-profit sector.
Blackbaud informed the WSU Foundation on July 16 that it was the victim of a data security incident in May 2020. The WSU Foundation has since been working diligently to assess the scope and resulting effects that Blackbaud’s incident may have had on our information.
Blackbaud, assisted by independent digital forensics experts and law enforcement, has conducted an investigation into the incident. Specific to the WSU Foundation, please be assured that NO Social Security numbers, bank account numbers, or credit/debit card numbers were involved in the incident.
Currently, based upon the information we have received from Blackbaud, the data accessed may have contained names, phone numbers, addresses, email addresses, and publicly available donor analytics data. Blackbaud has informed the WSU Foundation that it has no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. Additionally, Blackbaud was able to confirm the subset of data that was stolen was destroyed. Our investigation is still ongoing and our own cybersecurity experts are working to verify this.
Ensuring the safety of our donors’ data is of the utmost importance to us. Upon notification of the data breach, the WSU Foundation immediately launched its own internal investigation.
While we do not believe there is a need for you to take any action at this time, it is a general best practice to remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.
As part of its ongoing efforts to help prevent something like this from happening in the future, Blackbaud has confirmed it has already implemented changes to protect its system from any subsequent incidents. In addition, it has hired a third-party security service to monitor its systems for any suspicious activity.
Blackbaud has also identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and has taken actions to fix the issue. It has also confirmed through testing by multiple third parties, including the appropriate platform vendors, that the fix can withstand all known attack tactics. Additionally, Blackbaud is accelerating its efforts to further harden its environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based threat detection software.
We will continue to work with Blackbaud to investigate this incident. Please be assured we take data protection and privacy very seriously at the WSU Foundation and have multiple internal systems in place to preserve the integrity of this information. We are grateful for the continued support of our Shocker Family alumni and friends.
If you would like a WSU Foundation representative to contact you to further discuss, please email FoundationITS@Wichita.edu or call 316-978-3040. A member of the WSU Foundation team or IT team will assist you as appropriate.
