We are grateful for your engagement with The University of Texas at El Paso. With that gratitude comes a responsibility and commitment to keep you fully informed of matters involving any constituent records we maintain. That is why we want you to know that we, along with The University of Texas System, were recently notified by Blackbaud, Inc., a third-party database provider, of a security incident. Blackbaud is the world’s largest provider of software and online applications that support philanthropic and communication activities, serving more than 45,000 clients that include universities, healthcare organizations, nonprofits and foundations in more than 100 countries. UTEP, the UT System Administration and most of our sister institutions use one or more Blackbaud products.
What happened?
At this time, we understand that Blackbaud discovered – and was able to stop – a ransomware attack in May. Based on the information we received from Blackbaud on July 16, a cybercriminal accessed copies of some customer files containing constituent information. Blackbaud worked with security experts and law enforcement to respond to the ransom threat and reports to have received confirmation that the stolen data was destroyed and not used by the cybercriminal.
Immediately upon notification of the incident from Blackbaud, we have been working diligently, conducting an array of internal reviews with our legal, information security, and privacy experts to determine the exposure of our records, if any. At this time, we are not aware of fraudulent activity that has occurred with any constituent records, and we continue to work with Blackbaud to learn more.
What information was involved?
We have been informed by Blackbaud that backup data to three services UTEP purchases from Blackbaud was stolen and then those copies were destroyed by the cybercriminal. The backup data included personally identifiable information, other data that is publicly available, and relationship history/engagement information. Blackbaud further reported that financial information, such as credit card information or bank information, and Social Security numbers were not accessed by the cybercriminal.
How might you get more information?
We take the protection and proper use of your information very seriously and are remaining vigilant as we continue to monitor and learn more. We respectfully recommend that you do the same.
Blackbaud has reported that it has already implemented several security changes to protect constituent data from any subsequent incidents.
Further steps you can take
We do not believe it is necessary to take any further action at this time, but we understand your concerns. As with any potential breach in personal information, we do, however, recommend that you remain cautious – monitor your online and financial activity and report anything suspicious.
If you would still like to take action, the recommendation by the Federal Trade Commission (FTC) is that you place a fraud alert on your credit file. A fraud alert lets creditors know to contact you before they open any new accounts or change your existing accounts.
For your convenience, we have included contact information to the three major credit bureaus who can assist you with establishing a fraud alert. The company you contact is required to notify the other two, which will place an alert on their versions of your credit report as well.
Equifax: 800-685-1111
(https://www.equifax.com/personal/credit-report-services/)
Experian: 888-397-3742
(https://www.experian.com/help/)
Transunion: 888-909-8872
(https://www.transunion.com/credit-help)
Once you place the fraud alert in your file, you are entitled to order free copies of your credit reports and, if you ask, only the last four digits of your Social Security Number will appear on your credit reports. Carefully review any credit reports you receive. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate. And look for personal information, such as a home address and Social Security Number that is not accurate. If you see anything you do not understand, call the credit agency at the telephone number on the report.
We value your trust in UTEP and sincerely apologize for any concern or inconvenience this incident may have caused. If you have additional questions, please reach out to us at advancementsecurity@utep.edu or 915-747-8533.