Skip to content Skip to footer site map

Important information for alumni and donors​- Blackbaud data security incident​

2020-07-30

We are informing members of the St. Lawrence College community of a third-party data security incident which may have affected their personal data. This incident involves SLC alumni and donor records.  

What happened: 
On July 16 St. Lawrence College was contacted by Blackbaud, a third-party service provider, who informed us they had been the victim of a ransomware attack in May 2020. Blackbaud is one of the world’s largest providers of database management systems for not-for-profit organizations and the higher education sector and is used to house SLC alumni and donor data. The cybercriminal was able to remove a copy of a subset of data from a number of Blackbaud clients. This included St. Lawrence College data including personal data of both donors to the college and SLC alumni. 

Blackbaud has stated that:  

·       A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts 
·       No credit card information formed part of the data theft 
·       In order to protect customers’ data and mitigate the risk of identity theft, Blackbaud met the cybercriminal’s ransomware demand, paid the ransom and received assurances from the cybercriminal that the data  was destroyed  
·       They have engaged security experts to search for misuse of the data and no evidence has been found of this; they are also monitoring the dark web looking for any traces of the data affected in this incident 

We understand that the file removed contained alumni and/or donor contact information, educational and demographic information, professional details, fundraising activities, and a history of relationships with SLC such as event attendance, donation dates, and amounts. If you made a donation by cheque to the College prior to 2015, your banking information could have been part of the file, however no credit card information was included. 

Blackbaud has posted a response to this incident on their website. You can read it here.  

What SLC is doing: 
We are notifying our alumni and donors this week so they are aware of this breach of Blackbaud’s systems and can remain vigilant. We are taking steps to understand how many other parties in the higher education and the wider not-for-profit sector have been affected, and we have informed the Information and Privacy Commissioner of Ontario (IPC). We are also investigating why there was a delay between discovering the breach and SLC being notified, as well as what actions Blackbaud have taken to increase their security.  

We will carefully review the security enhancements Blackbaud implements as a result of this incident and address any shortcomings in an appropriate way. We will continue to work with Blackbaud to investigate this matter, and we continue to take advice from our legal team, Privacy Officer, and IT security experts. 

What alumni and donors can do: 
We currently have no knowledge that any donor or alumni information has been misused in any way. People should always be vigilant in protecting themselves from identity theft by monitoring bank accounts, credit card statements and other financial transaction statements for any suspicious activity. If you notice any suspicious activity and believe it is linked to this incident, please report it to the police and notify us at your very first opportunity. 

Alumni and donors are asked to please check their email and review the notification sent by SLC regarding this incident. If you did not receive an email, please contact our Alumni office at alumni@sl.on.ca

Questions or concerns regarding this matter can be directed to blackbaud_incident@sl.on.ca