The purpose of this webpage is to inform our alumni, friends and donors about a data security breach that may have exposed some of their personal information that is stored in the University’s Office of Advancement database.
The protection of your information is taken very seriously by University of the Ozarks. Please know that this data breach was not the result of the University’s neglect or carelessness, but rather a cyber attack on our third-party database vendor. As soon as we learned of this breach, the University took immediate action to inform and explain the situation to our constituents and to work on making sure an incident like this does not happen again.
We were recently notified by one of our third-party service providers, Blackbaud, of a security incident. Blackbaud is one of the world’s largest providers of financial and fundraising technology to nonprofits. After discovering a ransomware attack, Blackbaud’s cyber security team, together with independent forensics experts and law enforcement, successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from the system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of our backup file containing personal information of some of our alumni and donors. This occurred between February 7, 2020, and May 20, 2020.
What Information Was Involved?
In May 2020, Blackbaud discovered and stopped this ransomware attack. According to Blackbaud, the cybercriminals did not have access to encrypted credit card information, bank account information, usernames, passwords or Social Security numbers stored in client databases. However, Blackbaud did determine that the file removed may have contained names, addresses, phone numbers, emails, graduation years, majors, minors, dates of gifts, gift amounts and relationships.
Blackbaud paid the cybercriminal’s demand and received confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, Blackbaud does not believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publically.
What Are We Doing?
Upon learning of the cyber attack, University of the Ozarks began contacting all database and donor constituents via electronic or mail notification so that they may begin taking immediate action to protect themselves. Blackbaud has assured its database customers that is has already implemented several changes that will protect our data and our donors’ information from any subsequent incidents. First, Blackbaud’s teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that the fix withstands all known attack tactics. Additionally, they are accelerating efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms.
What Can You Do?
We encourage you to remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring your credit reports for suspicious activity. You also might consider placing a fraud alert or security freeze on your credit bureau reports. Everyone is allowed one free credit report per year from each of the three major credit bureaus. To learn how to obtain your free annual credit report under federal law, visit AnnaulCreditReport.com or call (877) 322-8228.
A victim of fraud is eligible to receive one free credit report from each of the major credit bureaus:
TransUnion LLC: (800)916-8800; TransUnion.com; P.O. Box 2000, Chester, PA 19016
Experian: (866)200-6020; Experian.com; P.O. Box 2002, Allen TX 75013
Equifax: (888)766-0008; Equifax.com; P.O. Box 740241, Atlanta, GA 30374
For More Information
Please contact Lori McBee, vice president for advancement and alumni engagement, at 479.979.1354 or at firstname.lastname@example.org.