Boston University and Emerson College have notified students, alumni, and others about a potential data breach after one of its technology vendors experienced a ransomware attack in May.
The software company Blackbaud notified customers in July that hackers removed a copy of some of Blackbaud’s customer backup files, the schools said in separate statements.
The stolen data may have contained contact information, demographic data, and employment and academic information, BU said in a Saturday statement.
The files did not hold credit card information, passwords, or social security numbers, Emerson and BU said.
Emerson issued a statement about the attack on July 23. Blackbaud works with colleges and nonprofits to store data and information.
The company confirmed the hack in a statement to its website and said it paid a ransom for confirmation that the copied data files had been destroyed. Based on their investigation, the data did not go to anyone other than those who hacked the system and they have no reason to believe the information would be misused, the statement said.
“The Cybercrime industry represents an over trillion-dollar industry that is ever-changing and growing all the time—a threat to all companies around the world,” Blackbaud said in its statement. “We apologize that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”