The Virginia Commonwealth University has suffered a massive international data breach in which alumni information was stolen. The breach has affected 176,567 current and former VCU students, staff, and affiliates.
Blackbaud, an online cloud platform that VCU uses for development and alumni related activities, was the company that found the breach.
According to a letter released by VCU, titled “Blackbaud Incident“, the stolen information was essentially just demographic based. This includes name, address, contact information, donation history, board service, and degrees. Additionally, the letter goes on to say, “It is important to point out that VCU does not store any credit card information, bank account information, private health information or Social Security numbers in this database, so this information was not compromised in any way.”
The information present in the breach suggests that identity theft and financial fraud are not possible with just demographics. Indeed, the VCU claims that they do not believe alumni need to take any additional measures to protect their security. The letter states, “Based on the nature of the incident, the research performed by the service provider and third-party and FBI investigators, Blackbaud has stated there is no reason to believe any data involved in the breach went beyond the cybercriminals.”
VCU learned of this breach on July 16th. Their letter was last updated on July 31st. In response to the breach, blackbaud opted for a third-party security monitoring team to indefinitely search for potential breaches.