Third-Party Vendor’s Data Breach Impacts WWU Foundation, Alumni Association

Personal information stored by a third-party vendor working with the Western Washington University Foundation and Alumni Association of WWU was taken in a data breach last winter, according to the university.

Blackbaud, Inc., which provides database services to nonprofits around the world, was the victim of a ransomware attack that resulted in the compromise of records for many colleges and universities, including WWU. Blackbaud notified its clients of the breach mid July, and the university has been working since then to assess who was impacted and the extent of the data loss.  

The records stolen were for Western, alumni, parents, and donors through July 2019; information for each individual in the database included name and address, date of birth, WWU student identification number, phone number email address, aggregate record of any gifts made to the university and any degrees achieved while attending the university. No sensitive information such as Social Security numbers, driver’s license information, bank information, or credit card information was included in this data. Because of the significant number of Blackbaud clients affected by the ransomware attack, there is no reason to assume Western was itself a specific target.

In the wake of the breach, the Western Foundation and the WWU Alumni Association are reviewing all third-party relationships to ensure external vendors are utilizing appropriate security protocols and has sent letters to its affected constituents notifying them of the breach. For more information about the breach, go to https://www.blackbaud.com/securityincident. 

Alumni, parents or donors who wish to have their contact information removed from the Western Foundation and WWU Alumni Association database can send this request to AdvancementData@wwu.edu.  For more information about the Blackbaud ransomware attack, contact Mark Brovak in University Advancement at mark.brovak@wwu.edu.