Cyber Incident Victim: Kentucky State University
Date:
Feb 2020
Location:
United States of America
Summary
Kent State University was indirectly impacted by a ransomware attack targeting Blackbaud, a cloud services provider. The incident potentially exposed constituent data including names, contact details, and donation histories, though no financial information or Social Security numbers were compromised. The university alerted affected individuals to monitor for suspicious activity and identity theft risks. Officials expressed disappointment over delayed notification from the vendor and are exploring alternative third-party solutions following the breach. Blackbaud reportedly paid the ransom and confirmed the stolen data was destroyed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2020, Blackbaud, a global cloud software provider serving nonprofit and educational institutions, experienced a ransomware attack that compromised client data. The attacker infiltrated Blackbaud’s systems, exfiltrated a copy of data, and demanded a ransom. Blackbaud detected the breach in May 2020, engaged independent forensic experts and law enforcement to expel the threat actor, and paid the ransom after receiving assurances the stolen data was destroyed. According to Blackbaud’s July 2020 statement, the attacker did not access credit card details, bank account information, or Social Security numbers. The company delayed notifying affected clients until July, nearly two months after containment.
Kent State University’s Division of Institutional Advancement, which manages alumni relations and philanthropic activities, was among the impacted entities. Blackbaud’s compromised ResearchPoint platform, used by the university for 12 years, contained constituent data including names, email and mailing addresses, phone numbers, donation histories, and transaction amounts. Kent State notified constituents on August 3, 2020, advising vigilance against suspicious activity and identity theft. Alumni expressed concerns about financial data exposure and requested removal from marketing lists, though the university clarified that core database records could not be deleted. Assistant Vice President Leigh Greenfelder confirmed the breach caused operational disruption, citing disappointment over Blackbaud’s delayed notification and initiating reviews of alternative third-party vendors. The incident prompted heightened scrutiny of donor communications and data handling practices within the Division.