Attention: 0W0-1W0 graduates

Attention 0W0 (class of 2000) to 1W0 (class of 2010) graduates of Williamson. Please view the important announcement below:

Williamson College of the Trades
Notification of a Cybersecurity Breach by a third-party provider (Blackbaud)

October 2, 2020

Colleges and K-12 schools across the nation rely on Student Management Systems (SMS) to effectively oversee and manage many, if not all, of their student administrative functions (registration, scheduling, student grades, etc.). For over 25 years, Williamson College of the Trades has partnered with Blackbaud, a leader within the education community, as our SMS provider. As Blackbaud services over 45,000 non-profit and government clients, it takes cybersecurity very seriously. Unfortunately, despite their best efforts, a cybercriminal was recently able to penetrate a section of their system and cloud database. This security breach may potentially impact 1,219 Williamson graduates from classes 0W0 (2000 graduates) to 1W0 (2010 graduates).

To determine if you are one of the graduates that may be impacted by this security issue, please contact Dr. Todd Zachary by email (tzachary@williamson.edu) or by phone (610-566-1776).

What Happened

On October 1, Williamson College of the Trades was notified by Blackbaud, our third-party SMS provider, of a security incident. According to their report, Blackbaud discovered and stopped an outside ransomware attack. Blackbaud’s cybersecurity team, together with independent forensics experts and law enforcement, successfully prevented the cybercriminal from accessing their fully encrypted files and from blocking Blackbaud from their own system, ultimately expelling the hacker from their system. In the meantime, however, the cybercriminal was able to gain access to part of their system that includes Williamson’s cloud-based back-up files containing students’ personal information.

What Information Was Involved

It is important to note that the cybercriminal did not access credit cardholder data. However, the investigation determined that the data removed may have contained a subset of personal information, possibly including student contact and demographic information. Based on the nature of the incident and the investigation, which included law enforcement, Blackbaud has no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

Current Measures

The investigation was able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal. As part of their ongoing efforts to help prevent something like this from reoccurring, Blackbaud took swift action to correct the vulnerability, immediately implementing numerous additional measures to protect all student data. Through testing by multiple third parties, Blackbaud has been able to confirm that these corrective measures will be able to withstand all known attack tactics. Additionally, Blackbaud is enhancing its efforts to further harden their environment through enhancements to access management, network segmentation, and the deployment of additional endpoint- and network-based platforms.

Additional Service Provided

Blackbaud is providing all individuals possibly impacted by this breach with access to Single Bureau Credit Monitoring services at no charge. Services are for 24 months from the date of enrollment. If changes occur to an enrolled individual’s Experian credit file, he will be notified the same day the change or update takes place with the bureau.  In addition, Blackbaud is providing proactive fraud assistance to help with any questions.  Any enrolled individual who becomes a victim of fraud will have access to remediation support from a CyberScout Fraud Investigator. To receive this monitoring service, you must enroll within 90 days from the date of this notice (no later than January 2, 2021).

For enrollment information, please contact Dr. Todd Zachary by email (tzachary@williamson.edu) or by phone (610-566-1776).

Proactive Fraud Assistance

CyberScout provides unlimited access during the service period to a fraud specialist who will work with enrolled notification recipients on a one‐on‐one basis, answering any questions or concerns that they may have.  Proactive Fraud Assistance includes the following features:

• Fraud specialist-assisted placement of fraud alert, protective registration, or geographical equivalent, in situations where it is warranted.
• After placement of a Fraud Alert, a credit report from each of the three (3) credit bureaus is made available to the notification recipient (United States only).
• Assistance with reading and interpreting credit reports for any possible fraud indicators.
• Removal from credit bureau marketing lists while Fraud Alert is active (United States only).
• Answering any questions individuals may have about fraud.
• Provide individuals with the ability to receive electronic education and alerts through email. (Note that these emails may not be specific to the recipient’s jurisdiction/location.)

Identity Theft and Fraud Resolution Services

Resolution services are provided for enrolled notification recipients who fall victim to an identity theft as a result of the applicable breach incident.  ID Theft and Fraud Resolution includes, but is not limited to, the following features:

• Unlimited access during the service period to a personal fraud specialist via a toll-free number.
• Creation of Fraud Victim affidavit or geographical equivalent, where applicable.
• Preparation of all documents needed for credit grantor notification and fraud information removal purposes.
• All phone calls needed for credit grantor notification and fraud information removal purposes.
• Notification to any relevant government and private agencies.
• Assistance with filing a law enforcement report.
• Comprehensive case file creation for insurance and law enforcement.
• Assistance with enrollment in applicable Identity Theft Passport Programs in states where it is available and in situations where it is warranted (United States only).
• Assistance with placement of credit file freezes in states where it is available and in situations where it is warranted (United States only); this is limited to online-based credit freeze assistance.
• Customer service support for individuals when enrolling in monitoring products, if applicable.
• Assistance with review of credit reports for possible fraudulent activity.
• Unlimited access to educational fraud information and threat alerts.

What You Can Do

On behalf of Blackbaud, Williamson sincerely apologies for any disruption or inconvenience that this security incident may cause you. As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities. Should you have any further questions or concerns regarding this matter, please do not hesitate to contact Dr. Todd Zachary by email (tzachary@williamson.edu) or by phone (610-566-1776).