William & Mary takes the privacy of its community members and supporters seriously and values the trust placed in the university when personal data is shared. W&M has been notified by Blackbaud, a vendor that provides data hosting services to hundreds of universities and nonprofits worldwide, that they experienced a ransomware attack. While we were unfortunately among the many worldwide who were included in this attack, the data impacted includes primarily demographic, contact and donor engagement information. We do not keep dates of birth, social security numbers, credit card numbers or other financial data in this system, and so that information was not affected.
We have reached out to those within our system who may have been affected by the attack, and the Mason School of Business and the William & Mary Business School Foundation — which also use Blackbaud-hosted services for other purposes — will be sending out a separate communication to individuals whose data is stored in other files or parts of their systems.
We understand that Blackbaud, law enforcement and third-party experts have investigated this incident, and Blackbaud has indicated that the information in question has been destroyed by the bad actor. Blackbaud has hired a third-party firm to monitor for any misuse or public posting of the impacted dataset. Under these circumstances, we do not believe individuals affected need to take any action. More information is available from Blackbaud.
We apologize for any concern or inconvenience this incident has caused.