Third-party service provider experiences data breach
The University of Manitoba recently learned that one of our third-party service providers, Blackbaud, experienced a ransomware attack that impacted many of its clients around the world, including UM.
The University of Manitoba uses Blackbaud products to manage alumni and donor information. UM’s Blackbaud database does not include any banking or credit card information or social insurance/social security numbers. The cyberattack on Blackbaud systems resulted in a breach of some alumni, donor and friends’ personal information which may include name, date of birth, contact information, and some information about donations to the University.
The University of Manitoba takes all breaches of privacy and confidentiality seriously. In response to this incident, we:
- are identifying all impacted records;
- are notifying all affected parties directly;
- are notifying the Manitoba Ombudsman;
- are working with UM’s Access and Privacy Office;
- are working with Blackbaud to ensure we understand why this happened and that an appropriate response is taken to ensure it doesn’t happen again.
No action is required on the part of any affected individuals. Blackbaud has informed the University of Manitoba that a ransom was paid by Blackbaud, that the cybercriminal confirmed copies removed were destroyed, and that research by Blackbaud and third-party investigations (including law enforcement) showed no evidence that the data has been shared by the cybercriminal. Blackbaud has also hired a forensic IP provider to monitor the internet and dark web for any signs of the breached data. You can read more about the incident and Blackbaud’s response here.
If you have concerns or questions regarding this incident, please contact:
Siobhan Kari, Alumni & Donor Relations at 204-474-9022 or Siobhan.Kari@umanitoba.ca
Karen Meelker, Access and Privacy Officer at 204-474-8339 or Karen.Meelker@umanitoba.ca