On July 16, 2020, Blackbaud, Inc., a Caltech vendor and one of the world's largest providers of education administration, fundraising, and financial management software for nonprofits, notified Caltech that Blackbaud experienced a ransomware attack in May 2020. This cyberattack occurred on Blackbaud's internal systems and exposed data from approximately 160 colleges, universities, and nonprofits that are customers of Blackbaud's services. We understand that the exposed data included Caltech donor and prospective donor records from 2016 which may have included those individuals' names, mailing address, gender, employer, age, date of birth, and/or spouse's name. Since Caltech did not provide Blackbaud with these individuals' email addresses, phone numbers, usernames, passwords, credit card information, bank account information, or social security numbers, this incident did not involve this information.
Blackbaud, aided by independent forensics experts and law enforcement officials, has said it believes that no data went beyond the individual(s) responsible for this cyberattack and that the unauthorized copy from Blackbaud's systems has been destroyed. Nonetheless, Blackbaud has hired a third-party team of experts to monitor the dark web as an extra precautionary measure.
Caltech has concluded that data typically regarded as highly sensitive was not included in the affected dataset. As a best practice, however, individuals should remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities. Caltech routinely monitors for evidence of unauthorized access to Caltech data.
Caltech is committed to the security and protection of our donors' and prospective donors' personal information, and we take this obligation very seriously.
For a complete summary of the incident, please see Blackbaud's report.