The OTC Foundation administers a database which is hosted by a third-party technology partner, Blackbaud, Inc. (“Blackbaud”). In July 2020, Blackbaud notified us and many other clients of a data breach which may have involved donors’ personal information. We take our responsibility seriously as a steward of both your contributions and your information, and we have worked to be as thorough and proactive in understanding this unfortunate event so that we can provide you the most accurate and transparent accounting of how your information was affected.
In May 2020, Blackbaud discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attempted attack, Blackbaud’s cybersecurity team—together with independent forensics specialists and law enforcement— reported that the unauthorized actor was expelled from Blackbaud’s systems. Blackbaud reports that data accessed by the cybercriminal was destroyed. Based on the nature of the incident, Blackbaud’s research and a third-party investigation, including law enforcement, there is no reason to believe any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
After utilizing all legal and technical resources available to the college, and seeking clarity from Blackbaud to our satisfaction, we have no reason to believe that your most sensitive information, such as Social Security number or bank account information, was accessed by the cybercriminals. The OTC Foundation follows best practices in handling your information, and our commitment to careful and prudent database management removed the possibility of more alarming exposure of your information. We do not store information like social security numbers, passwords, or banking details in our database. What may have been accessed includes the following:
- Biographical items like name, address and, in rare cases, date of birth
- Associated businesses and organizations
- Gift records
- Other miscellaneous notes such as event registrations and history of correspondence with the OTC Foundation
While the gift records do include credit and debit card contributions, most of these transactions are processed directly in a separate, secure financial application outside the database where your information is stored. Any actual details from credit and debit card transactions present in the database are stored in an encrypted field, and were not accessed by the cybercriminals.
As always, you should remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities. Please be assured we take your data privacy very seriously and use the utmost care in handling information related to your gifts to Ozarks Technical Community College. Maintaining your trust is paramount to us.
We sincerely regret any inconvenience this incident may cause you. Please do not hesitate to contact us if you have any questions or concerns regarding the breach, as we are eager to provide answers.