GRAND FORKS — The fundraising arms of UND, North Dakota State, Valley City State and Minot State are notifying alumni and friends of a security incident at a third-party vendor used by all four, according to a news release from UND’s foundation.

Sensitive personal data, including financial account information and payment card information that are likely to lead to identity theft, and encrypted Social Security numbers were not involved in this incident, the release said.

Though, information obtained may have contained name, address, date of birth and, in some cases, giving histories.

At this time, based on the information provided by Blackbaud Inc., the third-party vendor used by all four of the university foundations, "the organizations have no reason to believe any data will be misused, disseminated or otherwise made publicly available."

Blackbaud, a company that provides a variety of specialized customer relationship management products to universities and nonprofits around the world, informed its client organizations in mid-July that its systems had been the target of a ransomware attack earlier in 2020.

Newsletter signup for email alerts

Backup files were removed from Blackbaud’s platform, which hosted data for most of Blackbaud’s clients. The company paid a ransom demand and received assurances that the files taken from its system were destroyed. Blackbaud has hired third-party experts to monitor for any activity that would indicate the data had been disseminated. It has found no such evidence, the release said.

The four North Dakota university foundations are legally required to notify only those in North Dakota and the state of Washington about the security incident, “but in the spirit of transparency and an abundance of caution, each is notifying others in their databases as well,” the release said.

Each of the foundations involved understands the tremendous responsibility of protecting the data and regrets any inconvenience that may be caused by Blackbaud’s security incident,” the release stated. “Each also hosts detailed information about the incident and advice on protecting oneself from identity theft on their respective websites.”

The UND Alumni Association & Foundation website is UNDalumni.org/bbsecurityincident.

The Valley City State Foundation website is vcsualumni.org/news-events-publications/vcsu-and-blackbaud-security-incident.html.