OCAD University has learned of a ransomware attack involving Blackbaud Inc., one of the world’s largest customer relationship management (CRM) providers. The University reassures its community that it has received confirmation from Blackbaud that its data were not affected by this incident.
OCAD University uses certain Blackbaud customer relationship products for fundraising purposes, and to manage relationships and communications with alumni, donors, supporters and partners.
The University does not use specific products that were identified by Blackbaud affected by the ransomware incident. On July 21, 2020, Blackbaud confirmed that OCAD U’s data, which are hosted in Canada, were not affected by the data breach.
Blackbaud informed clients impacted by the incident on July 16, 2020, noting it had discovered and successfully stopped the ransomware attack. Blackbaud’s public statement is available here.
While the company continues to have measures in place to protect data and prevent cyberattacks, in order to further mitigate risks, it has hired a forensic firm to monitor the internet and dark web for any signs of the breached data.
OCAD University takes the privacy, confidentiality and security of its data very seriously and conducts comprehensive assessments when selecting third-party service providers. The University is in continued discussions with Blackbaud and other higher education Blackbaud customers to remain up-to-date on response and remediation related to this incident.