This notice is to inform the University of Toronto community of a recent cyber attack involving one of our database vendors, Blackbaud. U of T uses a database system purchased from Blackbaud to record engagement with our community members.
Blackbaud has assured us that no personal information of any kind from U of T was involved in the attack and there is no need for you to take any action as a result.
What we know
On July 16, Blackbaud informed us that it had been the victim of a cyber attack in May, in which client data of several universities were taken. Blackbaud paid a ransom and advises that an investigation by law enforcement and third-party cyber security experts concluded the data that had been taken was destroyed.
Blackbaud also informed us that their investigators found no U of T personal information, such as names and addresses, had been accessed in the attack.
Only one U of T document was exposed: a report containing statistical information about fundraising. Blackbaud’s investigation also confirmed that the attackers did not access any encrypted information such as bank account or credit card details, or passwords, none of which was involved in the U of T statistical report in any event.
What you should do
While there is no need for you to take action at this time, we do recommend that you maintain vigilance and promptly report suspicious activity or suspected identity theft to law enforcement authorities.
What we are doing
Because protecting the privacy and personal information of the University of Toronto community is of the utmost importance, we immediately launched our own investigation to carefully assess what U of T data had been shared with Blackbaud, and to ensure that appropriate action is taken to protect our communities.
The U of T Information Security team and U of T Advancement are actively working with Blackbaud to fully understand why this happened and what actions Blackbaud has taken to improve security. Finally, we are working with our peers in higher education, not-for-profit, and other sectors affected by the Blackbaud compromise, to stay informed and up-to-date on any new developments.
If you have any questions, you can reach us at firstname.lastname@example.org.