Ridgewater College notifies donors, alumni of data breach

A data breach that hit the cloud service used by the Ridgewater College Foundation resulted in a notification to those affected this week. The company, Blackbaud, paid an attacker and was told the information copied by the attacker had been destroyed.

Ridgewater College's sign shows a welcome message on Sept. 3, 2020. Kelly Boldan / West Central Tribune

WILLMAR — Ridgewater College has notified alumni and foundation donors of a data breach that took place last summer.

According to an email sent Friday afternoon, an attacker may have had access to private information through a breach of the cloud service vendor Blackbaud. The college uses the service for alumni relations and for fundraising.

“We believe the incident has been resolved, and no action is required on your part,” the email from College President Craig Johnson said.

According to the email, the college and foundation learned of the breach in July.

“As a result of this attack, an unidentified individual may have obtained some personally identifying information stored on Blackbaud’s servers, including information about former students and employees of the College and donors to the Foundation,”


Blackbaud paid the attacker’s demand, and the attacker confirmed that the information which had been copied was destroyed, according to the email. However, the college cannot independently verify that the information was destroyed.

Information stored by Blackbaud is classified as “directory information” like name, field of study, and dates of attendance or “limited directory information” like a mailing address or email address. That information is public data under Minnesota law.

Non-public data that may have been exposed was foundation records including demographic data, philanthropic interests and donation history. Blackbaud has said credit card, bank account and social security numbers were encrypted, and the attacker did not gain access to that information.

As part of its investigation, the college learned that some data beyond directory or limited director information had been provided to the foundation in error. That information could have included date of birth dates, addresses, phone numbers and email addresses. That information may have also been available to the Blackbaud attacker.

The college is investigating the incident and told those affected they could request a report on the investigation details.

What To Read Next
Mike Clemens, a farmer from Wimbledon, North Dakota, was literally (and figuratively) “blown away,” when his equipment shed collapsed under a snow load.
Volunteers lead lessons on infusing fibers with plant dyes and journaling scientific observations for youth in Crow Wing and Olmsted counties.
The Minnesota Public Utilities Commission met on Jan. 5, 2023, to consider the application for Summit Carbon Solutions.
Qualified Minnesota farmers will receive dollar-for-dollar matching money to purchase farmland.