University reports data breach with third-party provider


Bianca Cseke | The DePaulia

DePaul University Lincoln Park campus.

The Office of Advancement announced a data breach involving third-party service provider Blackbaud in a statement sent out to members of the DePaul community Thursday. 

The company suffered from a “ransomware attack” in which backup files containing personal information from various institutions across the United States, Canada and the United Kingdom were obtained. 

According to the statement, the incident apparently occurred between Feb. 7 and May 20, and Blackbaud “recently” notified the university of the breach.

The obtained files may have included names, addresses and relationship histories with DePaul, according to the statement. 

“Blackbaud assures us that there is no reason to believe that any data was or will be misused or made available publicly, and that the cybercriminal did not access any highly sensitive financial information, such as credit card information, bank account information, or social security numbers,” the statement read.

University spokesperson Carol Hughes said the administration “has nothing further to add.”

Individuals are encouraged to report any suspicious activity that may be related to the breach to the proper authorities. 

The statement said Blackbaud has already implemented security changes following the breach, and the university is “working directly” with the company to ensure data will be protected from such incidents going forward.