Blackbaud Data Security Incident

[[Element: ]]

Dear Friend of The Kirkwood Foundation,

We were recently made aware of a data breach which may have included some of your basic demographic information. No private data was accessed or compromised, and we were not legally required to notify you due to the type of information involved. However, in the interest of having complete transparency with our constituents, we wanted to make sure you were aware of the incident.

The Kirkwood Foundation is one of many of organizations that works with Blackbaud, a cloud software and data company, to help accomplish various fundraising goals. Unfortunately, as you may have heard, an incident involving data stored with the company recently occurred. This breach involved only information that was already accessible to anyone online including name, address, phone numbers and birthdates. No financial data or social security numbers were included.

What Happened?

In late July, we were notified that Blackbaud experienced a ransomware attack on the company in May. In this type of attack, criminals use malicious software to block individuals or organizations from accessing their own data by encrypting files in their system. The data is then rendered inaccessible until a ransom is paid.

In this instance, Blackbaud’s cyber security team discovered and stopped the attack with the help of law enforcement and independent forensics experts. Because of these quick actions, the cybercriminal was prevented from fully encrypting the company’s files and eventually ejected from the system.

However, before this was accomplished the perpetrator was able to remove a small amount of data from Blackbaud’s files. This material did not include any financial information or social security numbers. As mentioned above, the breach included only names, addresses, phone numbers and birthdates, which are basic demographic data already widely available to the public online.

What is Being Done Following the Breach

To ensure the protection of those affected by the theft, Blackbaud paid the ransom that the cybercriminal demanded in exchange for confirmation that the data was destroyed. According to the company and law enforcement that worked on the case, they have determined that there is no reason to believe the information went beyond the cybercriminal. As a safeguard, the company has hired a third-party team of experts to monitor the dark web for any use of the stolen data. In addition, Blackbaud has taken additional steps to prevent future such attacks from happening.

For More Information

If you would like more information about the breach, please go to www.blackbaud.com/securityincident. You can also speak to someone at Blackbaud about the breach by calling 855-907-2099.

Kirkwood and Your Information

We want to apologize for any concerns you may have as a result of the breach. The Kirkwood Foundation takes the security of your important information very seriously. We continue to monitor the situation and remain in contact with Blackbaud for the latest updates. If you would like to speak further about this incident, I encourage you to contact me at Jody.Pellerin@kirkwood.edu.

Thank you for your continued support of The Kirkwood Foundation.

Jody Pellerin
Vice President of Advancement