A group of Wayne State College alumni and donors are experiencing a possible personal information exposure after a recent security breach with Blackbaud, a data management company.
The Wayne State Foundation distributed letters to inform affected individuals this week after some Social Security numbers and birth dates were exposed.
Blackbaud is a cloud-based data management provider to the Wayne State Foundation, which is a separate entity from the college. Multiple other organizations and schools around the country use the company’s services to manage data, including Harvard University, Yale University and the Mayo Clinic.
The data company experienced a ransomware attack between February and June 2020 but originally told the college in July that no sensitive data was lost because it was encrypted, said Kevin Armstrong, foundation CEO.
“We didn’t do anything in July because we were requesting backup copies from Blackbaud to determine what was stolen,” Armstrong said. “That process took several months to get through. We hired a cybersecurity team and a cyber attorney to help us through the process because we have never been through a breach before.”
Years before the attack, Wayne State used students’ Social Security numbers as their ID numbers, and that information was gathered by the foundation when they graduated. Through the investigation, the foundation found the breach exposed some of those Social Security numbers, along with some birth dates.
Armstrong said the college shifted to unique student ID numbers a number of years ago. The foundation also deleted all Social Security numbers in its database in April and May, before they learned of the attack.
The foundation offered free credit monitoring through TransUnion for a year to affected individuals, among other credit monitoring tips, in the letter.
“This is an unfortunate event, and we apologize to everybody who has received a letter,” Armstrong said. “... We want to be safe and transparent, that’s why we are doing these extra steps.”
The foundation has more than 40,000 individuals — including alumni, donors and friends of the college — in its database, but the affected group reaches nowhere near that number, Armstrong said.
“Like a lot of schools in our position, we are looking at possible other (provider) options and we are working with Blackbaud to make sure this doesn’t happen again,” Armstrong said. “The good thing on our end is we don’t have sensitive data in our system any longer. We have never stored credit card or bank information — a lot of schools and charities do store that stuff.”
Individuals who receive letters are encouraged to monitor account statements and credit history. Affected alumni can call 800-592-2650 if they have questions about the breach.