Notification of Security Incident

On Thursday,  July 16, 2020, Emerson College received notification from Blackbaud of a ransomware attack which occurred in May of 2020. The cybercriminal removed data for the purpose of extorting funds from Blackbaud, one of the world’s largest providers of education administration, fundraising, and financial management software for nonprofits.

The copy of data that the cybercriminal removed may have included individuals’ names, contacts, and giving history of our donors and alumni. The compromised database did not contain any credit card information. Further, the cybercriminal had no access to bank account information, usernames, passwords, or social insurance numbers because these were encrypted. We have directly contacted those individuals whose regional laws require notification. 

Based on their research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal, and there is no further risk of harm. They have hired a third-party team of experts to monitor the web for any misuse of the known data. Emerson is working with Blackbaud to mitigate any further risk of exposure. If you have questions concerning this unauthorized access of data, please contact privacy@emerson.edu.