You are a valued member of Mitchell Community College’s family of alumni, friends, and supporters, and we are contacting you today to notify you of a data incident that may have affected your personal data. The incident targeted a significant number of international and U.S.-based healthcare, educational and not-for-profit organizations.
This summer, we were contacted by our software vendor, Blackbaud, which is one of the world’s largest providers of technology solutions for not-for-profit organizations and the higher education sector.
Blackbaud informed Mitchell that a cybercriminal had accessed Blackbaud systems beginning in February 2020 and initiated a ransomware attack in May. The data impacted included a subset of Mitchell Community College’s and the Mitchell Community College Foundation and Endowment for Excellence’s donor data.
Blackbaud has assured us that no credit card information, bank account information, or social security numbers were acquired by the cybercriminal; however, we have determined that the file that was involved may have contained some other personally identifying information about you that was not encrypted, including contact information, philanthropy-related data and educational and employment history, all largely drawn from public sources.
We are taking this very seriously, and we will continue to work with Blackbaud to investigate this matter.
We would like to reassure you that:
- We believe the risk attached to this incident is low, thanks to the steps taken by our software vendor. You can read their response on the Blackbaud website.
- A detailed forensic investigation was conducted by law enforcement and third-party cyber security experts, on behalf of Blackbaud.
- Blackbaud confirmed the investigation found that any bank account details or social security numbers in the relevant database were stored securely in an encrypted format and were not accessed by the cybercriminal.
- Blackbaud also confirmed that no credit card information was part of the data theft. We want to stress that if you have provided the college with credit card numbers or bank details related to a donation or purchase, this information was not included, exposed or accessed in the course of the incident.
- Blackbaud has engaged security experts to search for misuse of the data and no evidence has been found of this; they are also monitoring the dark web looking for any traces of the data affected in this incident.
What are we doing:
Ensuring the safety of our constituents’ data is of the utmost importance to Mitchell. As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents, including identifying the vulnerability associated with this incident, the tactics used by the cybercriminal and taking action to fix it.
What you can do:
No action is required from you at this time. However, as best practice, it is always a good idea to be vigilant in addressing misuse of your identity from any source. The Federal Trade Commission has several helpful resources on protecting yourself from or reporting incidents of identity theft: visit www.consumer.gov/idtheft or call 1-877-IDTHEFT (1-877-438-4338).
For more information:
If you have any further questions or concerns regarding this matter, please do not hesitate to contact us at firstname.lastname@example.org.
We are committed to you and the protection of your information, and we do not take for granted the trust you place in Mitchell.