The Texas A&M University System was recently made aware of a data security incident which may have involved personal information about our alumni and donors. We take the protection and use of your information very seriously. Please see the information below that explains the incident and steps we have taken to protect you.
What Happened
On July 16, 2020, we were notified of a security incident by one of our third-party service providers, Blackbaud Inc. Blackbaud is one of the world’s largest providers of customer relationship management systems and is used by a large majority of non-profits and higher education institutions.
At this time, our understanding is that Blackbaud discovered and stopped a ransomware attack, but not before some data may have been exposed. According to information provided to us from Blackbaud, the cybercriminal removed data for the purpose of extorting funds from Blackbaud. This occurred at some point between February 7, 2020 and May 20, 2020. Based on their research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal. Nonetheless, they have hired a third-party team of experts to monitor the dark web as an extra precautionary measure.
What Information Was Involved
A detailed investigation was done by law enforcement and third-party cyber security experts. While Blackbaud reports that their investigation found no encrypted information, such as bank accounts, credit cards or passwords were compromised during the attack. The A&M System cannot independently verify this.
As reported by Blackbaud, the data accessed may have contained some of the following information:
- Name, address phone numbers and email
- Gender, date of birth and Universal Identification Number (UIN)
- Record of University event and fundraising activities including donations, event participation, volunteer activity, etc.
- Employer information
What We Are Doing
The A&M System is working closely with Blackbaud to mitigate any further risk of exposure and will continue to deploy security-monitoring technologies aimed at malicious attempts to access information. The A&M System is also notifying all affected persons so you can take action to protect yourself.
What You Can Do
As a best practice, The Texas A&M System recommends you promptly report any suspicious activity or suspected identity theft to the proper authorities. The Federal Trade Commission (FTC) recommends that you place a fraud alert on your credit file. A fraud alert lets creditors know to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus using the information listed below; the company you contact is required to notify the other two, which will place an alert on their versions of your credit report as well.
Equifax: 800 525-6285; P.O. Box 740231, Atlanta, GA 30374-0241
Experian: 888 397-3742; P.O. Box 9532, Allen, TX 75013
TransUnion: 800 680-7289;Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
Once you place the fraud alert in your file, you are entitled to order free copies of your credit reports and, if you ask, only the last four digits of your Social Security Number will appear on your credit reports. Carefully review any credit reports you receive. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate. And look for personal information, such as a home address and Social Security Number that is not accurate. If you see anything you do not understand, call the credit agency at the telephone number on the report.
If you do find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. You may also wish to file a complaint with the FTC or call 1-877-ID-THEFT (438-4338). Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse where it will be accessible to law enforcers for their investigations. Even if you do not find any signs of fraud on your reports, some consumer protection specialists recommend checking your credit report every three months for the next year. Just call one of the numbers listed above to order your reports and keep the fraud alert in place.
For More Information
For more information on identity theft, you may wish to review the resources available on the Texas Attorney General’s website or call the Attorney General’s Consumer Protection Division at 1-800 621-0508.
Should you have any further questions or concerns regarding this matter, please contact blackbaudresponse@tamus.edu or Blackbaud directly at 1-855-907-2099.