Information on Data Security Incident
Out of an abundance of caution, we are notifying our community about a data security incident involving UF Foundation data.
As an organization dedicated to connecting individual passions with institutional priorities that improve lives and communities across our state, nation, and world, we take great pride in the trust that you place in us on a daily basis. In turn, we commit to managing your gifts of time and resources with the utmost integrity, and to communicating with you regularly about how these resources are managed.
We are writing today out of an abundance of caution to inform you of a data security incident involving a third-party vendor that may have involved your personal information. While we believe the risk to members of our community is low, we believe that the transparent sharing of information is critical to maintaining the trust you have placed in us. It is important to note that the UF Foundation does not store credit card details, banking information, Social Security numbers, or other highly sensitive data in our database of record – those data are not involved in the incident detailed below.
Below we are including full details of this incident as provided by Blackbaud, one of the UF Foundation’s third-party service providers that was recently the victim of a ransomware attack involving many colleges and universities worldwide. Affected organizations include a number of colleges and universities in the state of Florida, as well as our peer public and leading private universities around the nation and world.
On July 16, 2020, UF was notified of a security incident involving UF Foundation data by Blackbaud, a third-party vendor that helps the UF Foundation maintain current and accurate information about UF alumni.
What information was involved?
As mentioned above, this incident does not involve highly sensitive personal information such as credit card details, banking information, or Social Security numbers. However, our research into this incident has revealed that personal information including names, dates of birth, degree information, spousal information, and various other biographical data was involved. Blackbaud has shared that, based on their research and third-party (including law enforcement) investigations, they have no reason to believe that any data was or will be misused, or will be disseminated or otherwise made publicly available.
What can you do?
It is best practice to regularly monitor and review your personal accounts and information to protect against any unwanted activity and the potential for identity theft. While we would like to reiterate that we believe the risks associated with this incident are low, we are also here to help. If you would like more information about this incident, please do not hesitate to contact us at firstname.lastname@example.org.
We sincerely apologize for this incident and regret any inconvenience that this may cause you. Thank you for your understanding and your steadfast support of the University of Florida.