UO responds to security incident involving computer records

Code on a computer screen

The UO recently announced it is one of hundreds, and potentially thousands, of institutions worldwide affected by a ransomware attack identified by a third-party service provider, Blackbaud.

The incident was detected in May and Blackbaud notified the University of Oregon Foundation on July 16.

The foundation and university launched their own investigation and have confirmed that no sensitive personal or financial information — such as social security numbers, driver’s license numbers, banking information or credit card information — was provided or stored on the Blackbaud systems involved in the incident.   

The UO Foundation uses two software applications from Blackbaud, Research Point and Target Analytics, to record engagement with UO alumni, staff, students and extended networks of donors and supporters.  

“The University of Oregon was informed that its information was involved on the same day as the public notice to the UO Foundation,” said Leo Howell, UO’s chief information security officer. “The university has launched its own investigation and has provided public notice to staff, students and alumni of the incident.”  

The university is advising that no specific action is needed at this time, although it encourages ongoing vigilance for unusual activity.   

According to Blackbaud, the cybercriminals were able to "remove a copy of a subset of data from our self-hosted environment" before being locked out of Blackbaud’s systems. The company reports paying a ransom to the cybercriminals and says it received confirmation that the stolen data was destroyed.   

The UO is working with Blackbaud to understand the delay between Blackbaud’s discovery of the incident and its notification to clients, as well as what actions Blackbaud has taken to increase the security of data in its systems.   

UO and the foundation will be working together to review and enhance the security of our donor and alumni data to reduce the risk of this and other types of threats posed by cybercriminals.   

Inquiries can be sent to a response team at askuo@uoregon.edu.