OU is launching its own investigation after a subset of data held by a third-party service provider was breached in a data security incident in May.
In an email, OU Advancement said it was contacted on July 16 by Blackbaud, “one of the world’s largest cloud software providers for higher education and not-for-profit organizations.” The organization was who informed OU it was a victim of a ransomware attack.
OU Advancement said the cybercriminal removed a subset of Blackbaud clients’ data, including the names, addresses, phone numbers and email addresses of some OU alumni and donors. Nevertheless, OU assured in the email no social security numbers, credit card numbers or donor giving information were ever provided to Blackbaud.
While Blackbaud is already conducting a “detailed forensic” investigation along with law enforcement and third-party cybersecurity experts, OU Advancement said they are working on their own private investigation, according to the email. Although the email said the level of OU data compromised proved less severe than for other higher education institutions around the country and in the U.K., OU Advancement suggests affected individuals watch out for any suspicious activity and report it to the proper law enforcement authorities.
OU Advancement said in the email the university is “committed to data integrity and transparency,” therefore Blackbaud is “beneficial to OU’s data analysis and benchmarking processes.” After the incident, Blackbaud said it is committed to strengthening its data environment.
As OU remains in contact with Blackbaud for more details of the incident, they suggest contacting Jana Moring, director of donor relations at the OU Foundation, at (405) 310-4848 or email@example.com with more concerns or questions.