To our Alumni and Friends,
Des Moines University was recently made aware of a data security incident that may have involved information about our alumni and donors. We take the protection and proper use of your information very seriously. Please see the information below that explains the incident and provides you with steps you can take to protect yourself.
What Happened
On July 16, 2020, we were notified of a security incident by one of our third-party service providers, Blackbaud Inc. Blackbaud is one of the world’s largest providers of customer relationship management systems and is used by a large majority of non-profits and higher education institutions.
At this time, our understanding is that Blackbaud discovered and stopped a ransomware attack, but not before some data may have been exposed. According to information provided to us from Blackbaud, the cybercriminal removed data for the purpose of extorting funds from Blackbaud. This occurred at some point between February 7, 2020 and May 20, 2020. Based on their research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal. Nonetheless, they have hired a third-party team of experts to monitor the dark web as an extra precautionary measure. Des Moines University is working closely with Blackbaud to mitigate any further risk of exposure and will continue to deploy security-monitoring technologies aimed at malicious attempts to access Des Moines University information.
What Information Was Involved
It’s important to note that Blackbaud has informed us that the cybercriminal did not access your credit card information, bank account information, or social security number. However, the files stolen may have contained your name, contact information, and relationship history with Des Moines University.
What We Are Doing
We are notifying you so that you can take immediate action to protect yourself. Ensuring the safety of our constituents’ data is of the utmost importance to us. Please know that Des Moines University has not and will not ever sell your personal or contact information. As part of their ongoing efforts to help prevent something like this from happening in the future, our service provider has already implemented several changes intended to protect your data from any subsequent incidents.
What You Can Do
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us, and to the proper law enforcement authorities including your state’s Attorney General’s office. We also suggest you monitor national credit reporting agencies and report to them if you have concerns about suspicious activities.
For your convenience, the contact information for these credit agencies is below:
- Equifax: https://www.equifax.com/personal/credit-report-services/ 800-685-1111
- Experian: https://www.experian.com/help/ 888-397-3742
- Transunion: https://www.transunion.com/credit-help 888-909-8872
For More Information
We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please contact LaVerne Greenfield at laverne.greenfield@dmu.edu or 515-271-1388.