Blackbaud data security incident affecting Elizabeth College Foundation and the Old Elizabethan Association
|16 Nov 2020|
Elizabeth College Foundation and the Old Elizabethan Association have been in contact with members of the community to inform them about a potential data security incident affecting an old copy of the Foundation and OEA Database.
Blackbaud, a software service provider and the former supplier of our database, has suffered a data breach. Elizabeth College Foundation takes its responsibilities regarding data security very seriously and is taking all necessary steps to review and respond to this incident, including notifying those individuals who may have been affected.
Blackbaud has notified us that they have been the victim of a sophisticated ransomware attack, which occurred earlier this year. A backup file containing personal information was stolen by a cybercriminal. It is important to note that no sensitive information, such as bank account information, passwords or usernames, was taken. Blackbaud’s cyber security team worked with forensics experts and law enforcement agencies to expel the cybercriminal from its systems and fix the vulnerability they had used to access the data.
We terminated our contract with Blackbaud in December 2018, but due to breakdowns in their procedures Foundation and OEA data dating from 2018 was still on the servers affected by the breach.
Blackbaud has assured us that they do not believe that the data has been shared or misused.
As soon as we became aware of the breach a report was made to the Office of the Data Protection Authority in Guernsey. We also launched an internal investigation including a data audit to determine who had been affected and take appropriate action. This was a complex process that took time to complete. We have contacted those individuals who may have been affected to update them on this incident.
There is no action that you should take as a result of this incident, but would we encourage all members of our community to remain wary of any unexpected communications, suspicious emails, letters, or phone calls. Any suspicious activity should be reported to the proper law enforcement authorities.
We value greatly the support of all our alumni, parents and friends of the College. Whilst we could not have foreseen this incident occurring two years after ending our relationship with Blackbaud, nonetheless we sincerely regret any concern or inconvenience that this incident may cause.
If you have any questions in regard to this incident please contact email@example.com