December 18, 2020.
Saint Paul College has learned of a ransomware attack of its donor management software vendor, Blackbaud, which may have allowed access by an unauthorized individual to not public data on students, alumni, and employees. Much of the data stored by Blackbaud is considered directory information under the Family Educational Rights and Privacy Act (FERPA) and is therefore public data under Minnesota law. However, Saint Paul College disclosed some not public data to The Friends of Saint Paul College Foundation, and those data elements were stored by Blackbaud and accessible in the attack. Such information may have included contact information, dates of birth, demographic data, philanthropic interests, and donation history. Blackbaud asserts that the attacker did not access credit card information; any bank account information or social security numbers were encrypted and not accessible to the attacker. For a full report, contact David Kline, Executive Director, Friends of Saint Paul College Foundation 651.846.1469 or David.Kline@saintpaul.edu.