California Lutheran University (Cal Lutheran) recently learned of a ransomware attack on one of its third-party service providers, Blackbaud. This attack did not affect any systems at Cal Lutheran.
Blackbaud provides education administration, fundraising, and financial management software to many nonprofits and schools to support their fundraising and engagement efforts. According to Blackbaud, the ransomware attacker stole Blackbaud customer data and demanded that Blackbaud pay a Bitcoin ransom in exchange for an assurance of data destruction. Blackbaud says it paid the ransom and received the assurance of data destruction, but Cal Lutheran cannot be completely certain that the data was in fact destroyed.
Importantly, Cal Lutheran does not store Social Security numbers, credit card information, or bank account information in the Blackbaud environment. But the information stored in the Blackbaud environment does include other less sensitive data types (such as name and date of birth).
Out of an abundance of caution, Cal Lutheran is providing this voluntary notice. Cal Lutheran also is evaluating any possible legal requirements related to more formal notice.
We deeply value your relationship and will continue to be vigilant about data security and privacy. Thank you for your support of Cal Lutheran. If you have any questions or concerns about this matter, please contact us at [email protected].