WILLMAR — Ridgewater College has notified alumni and foundation donors of a data breach that took place last summer.
According to an email sent Friday afternoon, an attacker may have had access to private information through a breach of the cloud service vendor Blackbaud. The college uses the service for alumni relations and for fundraising.
“We believe the incident has been resolved, and no action is required on your part,” the email from College President Craig Johnson said.
According to the email, the college and foundation learned of the breach in July.
“As a result of this attack, an unidentified individual may have obtained some personally identifying information stored on Blackbaud’s servers, including information about former students and employees of the College and donors to the Foundation,”
Blackbaud paid the attacker’s demand, and the attacker confirmed that the information which had been copied was destroyed, according to the email. However, the college cannot independently verify that the information was destroyed.
Information stored by Blackbaud is classified as “directory information” like name, field of study, and dates of attendance or “limited directory information” like a mailing address or email address. That information is public data under Minnesota law.
Non-public data that may have been exposed was foundation records including demographic data, philanthropic interests and donation history. Blackbaud has said credit card, bank account and social security numbers were encrypted, and the attacker did not gain access to that information.
As part of its investigation, the college learned that some data beyond directory or limited director information had been provided to the foundation in error. That information could have included date of birth dates, addresses, phone numbers and email addresses. That information may have also been available to the Blackbaud attacker.
The college is investigating the incident and told those affected they could request a report on the investigation details.