Cyber Attackers hack the university donor system Blackbaud

Students at Georgia State have been receiving emails about cyberattacks and fraudulent information. Photo by Nida Merchant | The Signal

A major cyberattack targeted donors from Atlanta colleges and non-profit programs. The attack occurred through one of Georgia State Foundation’s third-party vendors, Blackbaud.

Blackbaud is a computing company used by Georgia State alumni donors that provides donor record-keeping services. The company stores donors’ personal information, including their full name, address, phone number, email address and Social Security number.

“The Blackbaud system was compromised by ransomware back in May,” Tram Vu, Georgia State’s Instructional Innovation and Technology engineer, said.

During the attack, cybercriminals attempted to lock companies out of their own data and servers.

According to Blackbaud’s summary of the incident, the cybercriminals removed a copy of subset data from Blackbaud’s self-hosted environment. Though the cybercriminals breached the system, they did not access Social Security numbers, credit card information or other sensitive data.

Blackbaud paid the cybercriminal to make sure they destroyed the information. Therefore,the donors from the university and others that are associated with Blackbaud have not lost any personal data. 

Blackbaud declined to disclose how much was paid to the cyber criminals. However, it was done using Bitcoin, according to The NonProfit Times. 

The Georgia State Foundation’s President Jay Kahn sent emails to students on Sept. 3, addressing the cyberattacks and fraudulent situation.

The email that was sent to students about the attack, ensures that the cybercriminals did not steal their personal information. The email also recommended that students be aware of any suspicious activities in cyberattacks.

Georgia State’s Technology Services offers valuable information on security software and advising resources to keep technology secured. 

IIT provides training for security awareness to practice for the workplace. They also teach students to detect modern-day internet scams. 

This online training will help students recognize a scam email and protect them against increasing cyber threats that can obtain personal and financial information.

The University System of Georgia requires faculty and staff members to complete cybersecurity awareness training twice annually, according to the Board of Regents Policy Manual.

The online training is conducted by using the KnowBE4 training system. It consists of interactive video modules and quizzes and will help protect against cyber threats. 

Georgia State is a large institution often targeted for phishing attacks.

Phishing is the cybercrime of obtaining personal information by posing as legitimate institutions. 

Therefore, the university also provides faculty with email fraud training that teaches how to recognize fraudulent emails and phishing techniques. 

To avoid being a victim of a cyberattack: 

  • Never download PDFs from emails you don’t recognize. They can be malware, which can damage your system mail (log into the account directly instead).
  • Check the email address and look up the “@” address to see if you can find anything on it.
  • Check grammar. Incorrect grammar and syntax are a dead giveaway of fraudulent emails.