We appreciate you and take the protection and proper use of your personal information very seriously. We are therefore writing to let you know about a data security incident involving Blackbaud. Blackbaud is a company that houses fundraising databases for Johnson as well as numerous other higher education institutions and nonprofit organizations. We have been assured by Blackbaud that this data breach has not put you or your personal information at risk. Because we appreciate you, however, and assign the highest priority to maintaining your trust, we want to provide you with the details of the event.

On July 16, 2020, we were notified that Blackbaud had been a victim of a ransomware attack in May 2020.

According to Blackbaud, sensitive personal information, such as credit card data, bank account information, or social security numbers, was not impacted as a result of the event. The cybercriminals behind the attack were, however, able to remove and copy a subset of data from Blackbaud’s clients, including Johnson University’s data, prior to the discovery and removal of the cybercriminal from Blackbaud’s system. This incident may have resulted in unauthorized access to certain information maintained by Blackbaud about you or your business, including your name, addresses, phone numbers, birthdates, and donor profile information, including dates and amounts.

Following the breach, Blackbaud has:

  • conducted a thorough investigation and analysis of the breach.
  • concluded that this information was not disseminated or made public.
  • determined that the cybercriminals did not retain copies of any of the information.
  • shared their report and analysis of this incident with Johnson University’s Information Technology Department.

We believe that Blackbaud has taken appropriate remedial actions to prevent breaches in the future. You can read more about the incident on Blackbaud’s website at https://www.blackbaud.com/securityincident.

We are informed that Blackbaud took swift action and worked with hired experts and law enforcement to stop the cyber-attack. They have informed us that the data stolen by the cybercriminals has been destroyed.

We take the protection of our donor’s information seriously. We are notifying you of the incident so you are aware and can remain vigilant to promptly report any suspicious activity to Johnson University and the proper law enforcement authorities. While we believe no action is needed by you at this time, we want to be transparent in informing you about this incident.

We are sorry to communicate this to you and apologize for this incident and regret any in-convenience it may cause you. Ensuring the safety of your data is of utmost importance to us. If you have any further questions or concerns regarding this matter please feel free to email , Vice President for Advancement or call 865-251-2327.

Your support of the work of Johnson University matters greatly to us and we strive continuously to earn your confidence and support.

Tommy Smith

Richard Clark
Vice President for Advancement