uhs-wordmark

UH System Possibly Impacted by Blackbaud Data Security Incident

Updated: August 5, 2020

The University of Houston System may have been impacted by a data security incident involving Blackbaud, one of our service providers. No UH System encrypted data (like social security numbers, bank account or credit card information) were involved in this incident. At this time, we do not believe any further action is required by individuals. We are closely monitoring all developments with Blackbaud and will update this page as new information becomes available.

The Incident

On July 16, 2020, the UH System was contacted by Blackbaud, a leader in cloud-based engagement and fundraising software used by more than 45,000 universities and other nonprofit organizations, including the UH System, University of Texas and Texas Tech University, that one of their service providers had been the victim of a ransomware attack in May 2020. While the cybercriminal was unsuccessful in blocking access to the database in question, the cybercriminal was able to remove a copy of a subset of several clients’ data.

What information was involved?

The University of Houston System does not share encrypted information — such as Social Security numbers, bank account, credit or debit card information — with Blackbaud.

The data potentially accessed may have included personal contact information like names, titles, dates of birth, phone numbers, email addresses and affiliation with the UH System, its four component universities and the UH Alumni Association.

Steps Blackbaud has taken in response

Blackbaud agreed to pay the cybercriminals to delete the information and is closely monitoring the internet to verify that no data has been misused. Blackbaud has undergone a thorough investigation, with the assistance of law enforcement, confirming that no encrypted information was accessible in the attack.

Steps we have taken in response

The UH System immediately launched our own investigation and have taken the following steps:

  • We are notifying affected alumni and donors to make them aware of this breach of Blackbaud’s systems so they can remain vigilant;
  • We are working with Blackbaud to understand why there was a delay between it finding the breach and notifying us, as well as what actions Blackbaud is taking to increase its security;
  • We are continuing to monitor the situation with Blackbaud to investigate this incident.

Steps you can take in response

We do not believe it is necessary to take any further action at this time, but we want you to be aware of this development. At this time, we are not aware of any instances of fraudulent activity connected to the UH System’s data. But, out of an abundance of caution, we encourage you to monitor your online and financial activity and report anything suspicious.

For your convenience, the contact information for three credit agencies is below:

For more information:

Blackbaud has issued a statement on their website regarding this incident. You can visit their site for more information. 

If you have questions regarding the data related to this incident, please contact Mark Walcott, executive director of advancement information systems, reporting, and analytics at advsecurity@uh.edu or 713-743-0223.

Address
Office of University Advancement
University of Houston
221 E. Cullen Building
Houston, Texas 77204-2013

Contact Information
Phone: (713) 743-4708
Toll free: (877) 755-0559
Fax: (713) 743-0946