Dear John xxxxxx,
We are writing to inform you about a data security incident that may have involved your information. We take the protection and proper use of your information very seriously. We are therefore contacting you to explain the incident and what was done to resolve it.
What Happened
Last month, Blackbaud, our third party database provider, informed us that they discovered and stopped a ransomware attack on their system. After discovering the attack, Blackbaud’s Cyber Security team – together with independent forensics experts and law enforcement – successfully prevented the hacker from blocking their system, and successfully expelled them from their system. The attack took place between February 7, 2020 and intermittently through May 20, 2020. After receiving this notification, we contacted our representatives at Blackbaud immediately to gain further clarification. Blackbaud is a very large company and this breach affected many of their clients.
Please be assured that The Opportunity Agenda does not store credit card or social security numbers, and therefore those data were not breached.
In addition, Blackbaud encrypts any such information that is accessed via credit card donations, and the hacker did NOT access that information. However, the file removed may have contained your name, address, phone number, email address, and/or a record of any contributions you have made to The Opportunity Agenda.
The Response
Because protecting customers’ data is their top priority, Blackbaud paid the hacker’s demand with confirmation that the copy they removed had been destroyed. An outside cyber security team is continuing its monitoring as an extra precaution.
Based on the nature of the incident, their research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the hacker, was or will be misused, or will be disseminated or otherwise made available publicly.
Furthermore, Blackbaud’s team was able to quickly identify the vulnerability associated with this incident, including the tactics used by the hacker, and took swift action to fix it. The service provider has confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, Blackbaud is further enhancing its security controls as part of its ongoing efforts to help prevent an incident like this in the future.
What You Can Do
As a best practice, we recommend that you remain vigilant and promptly report to us and to the proper law enforcement authorities any suspicious activity or suspected identity theft.
We sincerely apologize for this incident and regret any inconvenience it may cause you. We deeply value your relationship with The Opportunity Agenda. Should you have further questions, please contact Leslie Weber at [email protected].
Best Regards,
Elizabeth Johnsen
Editorial and Outreach Director