Blackbaud Data Breach – Notification to Supporters
EngenderHealth was recently notified that Blackbaud, a software vendor widely used across the non-for-profit fundraising sector, was victim to a ransomware attack. We use Blackbaud’s software for our donor contact database. Though none of your financial or other sensitive personal information was involved, out of an abundance of caution and because of the value we place on transparency and your trust, we want you to be informed.
What happened?
Blackbaud discovered and stopped a ransomware attack on its servers. Working with independent forensics experts and law enforcement, Blackbaud successfully expelled the cybercriminal from the system and regained control of their data.
According to Blackbaud, the cybercriminal removed a copy of backup files, and our records may have been among those files. Blackbaud paid the cybercriminal’s demand and received confirmation that the backup files removed from their system were destroyed. Based on the nature of the incident, their research, and third–party investigation, Blackbaud does not believe that any data was or will be misused or will be disseminated or otherwise made available publicly.
What information was involved?
If any of your information was involved, it could include names, contact information, dates of birth, giving history, and in some cases, profession, affiliations, and family connections. EngenderHealth does not store credit card or bank information or social security numbers in our database; your financial information was not at risk.
Preventing future threats:
To protect data and prevent future cyberattacks, Blackbaud is taking corrective actions. We will be examining our relationship with Blackbaud to ensure they are properly protecting data against future threats.
EngenderHealth works closely with our own information technology vendor to secure our internal systems, and we will continue to guard your information carefully. The attack on Blackbaud had no impact on EngenderHealth’s network.
What do I need to do?
As is best practice, we recommend you remain aware and promptly report any suspicious activity involving your personal information to the appropriate agency or law enforcement authorities. The Federal Trade Commission website has resources and tools to help you monitor and protect your identity and personal information. Again, no financial information is stored by EngenderHealth or was compromised in the attack on Blackbaud.
It is also good to be vigilant regarding “spear-phishing” attacks – deceptive emails that use information about you in order to trick you into clicking on malicious links or downloading malware to your computer. If an email looks suspicious, do not click on any links, or open any attachments.
For more information:
We sincerely regret this situation. Should you have any questions or concerns, please do not hesitate to contact us at development@engenderhealth.org.