QuickTalk follow up: Responses from Blackbaud

[Brian Kelly <bkelly () EDUCAUSE EDU>]

Blackbaud committed to answering your questions during the EDUCAUSE and REN-ISAC July 28th QuickTalk, and has had 1:1 
conversations with many of its customers.
For those of you who attended the recent QuickTalk about Blackbaud’s Security Incident, thank you.

In response to that discussion, Blackbaud has developed responses to three of the most discussed topics.


  1.  How can I request a copy of my data involved in the security incident?
     *   Please contact your Blackbaud representative.  While we initially thought the fastest route to the information 
was self-service for those who were involved, we have added new options for those who need more assistance based on 
customer feedback.
  2.  How confident is Blackbaud that this situation has been remediated?
     *   We have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be 
disseminated or otherwise made available publicly.
  3.  What is Blackbaud doing in response to this incident?
     *   Our teams were able to quickly identify the vulnerability associated with this incident and took swift action 
to fix it. We have confirmed through testing by multiple third parties, including the appropriate platform vendors, 
that our fix withstands all known attack tactics. Additionally, we are accelerating our efforts to further harden our 
environment through enhancements to access management, network segmentation, deployment of additional endpoint and 
network-based platforms.  We continue to monitor for posts that may contain information from the incident.

Should you have any follow-up questions or questions related to your specific institution, please contact your 
Blackbaud Customer Success Manager. More information can also be found on the secure landing page Blackbaud provided to 
customers who were part of the incident. And for others, you can visit 
www.Blackbaud.com/securityincident<http://www.blackbaud.com/securityincident>.

We encourage REN-ISAC members looking for more information about the Blackbaud security incident to review the post to 
the REN-ISAC Discussion email list.  If you are not a REN-ISAC member and wish to see this information, please contact 
info () ren-isac net<mailto:info () ren-isac net>  or contact your Blackbaud Customer Success Managers. More 
information can also be found on the Blackbaud website<https://www.blackbaud.com/security>.


Brian

Brian Kelly, CISSP, CISM, CEH
Director, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
Follow HEISC on 
LinkedIn<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7C%7C7197d41189e4414981ae08d69dc9670a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636869885680898966&sdata=%2FYvU%2BLTYHbPmcyL1AoksiKTSdMeFQ93qASFmTp8Emmo%3D&reserved=0>
 | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu>

direct: 720.406.6757 | mobile 475.449.6440 | educause.edu<http://www.educause.edu/>
1150 18th Street, NW, Suite 900 Washington, DC 20036



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community