McIntire Botanical Garden (MBG) takes the protection and proper use of donor information very seriously. Therefore we have notified our donors about a recent data security incident that may have involved some personal information. Blackbaud, a software company that manages MBG’s database, recently informed us of a security incident affecting thousands of their clients, including MBG. We have assured our donors that the security incident did not involve access to any credit card information, bank account information, or social security numbers.
Blackbaud recently notified us that it was the target of a security incident that occurred on February 7, 2020, and could have continued intermittently until May 20, 2020. Blackbaud reported that after discovering the attack, its Cyber Security team brought in law enforcement and independent forensics experts and successfully expelled the cybercriminal from Blackbaud’s system. Blackbaud indicated that before being detected and locked out of Blackbaud’s system, the cybercriminal removed a backup file that may have contained some donor personal information. We are told that Blackbaud paid the cybercriminal’s demand and received confirmation that the stolen data had been destroyed.
What Information Was Involved
Blackbaud indicated that the backup file that was removed may have contained demographic information, including names, physical and email addresses, telephone numbers, and giving history. The cybercriminal did not access any credit card information, bank account information, or social security numbers. Moreover, MBG does not retain this type of sensitive information in our database. Based on the nature of the incident and law enforcement investigations, Blackbaud believes that no data went beyond the cybercriminal or was misused before being destroyed.
What We Are Doing
We have notified all donors so that they can take immediate action to protect themselves. Ensuring the safety of donor data is of the utmost importance to us. We are told that as part of Blackbaud’s ongoing efforts to help prevent something like this from happening in the future, they have already implemented several changes that will protect data from any subsequent incidents.
What You Can Do
As a best practice, we recommend everyone remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.
For More Information
We sincerely regret any inconvenience. For additional information, please email us at email@example.com.