Notice of Data Breach
On July 16, 2020, we were notified by Blackbaud, a large provider of cloud-based data management services to the Visiting Nurse Association of Texas (VNA) and many other nonprofit organizations, that it had discovered and stopped a ransomware attack that occurred in Spring of 2020. Blackbaud, working with independent forensics experts and law enforcement, successfully prevented the cybercriminals from blocking system access and accessing encrypted data; and ultimately expelled the criminals from Blackbaud’s system. However, prior to locking the cybercriminals out, the cybercriminals removed a copy of some of VNA’s data regarding donors and other contacts. According to Blackbaud, any banking or credit card information contained in the affected systems were encrypted were not compromised. However, there was unencrypted, less sensitive information obtained, such as name, physical and email addresses, telephone numbers, volunteer and giving history.
Blackbaud informed us that it paid a ransom to the attackers in order to obtain confirmation that the compromised unencrypted information has been destroyed and Blackbaud has also assured us they are enhancing their safeguards to mitigate the risk of future attacks like this one, including paying a third party service to periodically review the dark web to confirm whether any of the information is for sale.
To date, there is no indication that any of the compromised unencrypted information is subject to further disclosure or misuse, and given the intent of the criminals to obtain the payment of the ransom, Blackbaud does not believe there is a high risk that the unencrypted information would be used for other purposes. Even though we do not believe that your personal information has been subjected to misuse or further unauthorized access due to this incident, out of an abundance of caution and in light of our respect for your privacy, we wanted to advise you of this incident. For more information on this incident and Blackbaud’s steps to mitigate the risk involved, please see https://www.blackbaud.com/securityincident
We take cyber-threats seriously, and we are committed to holding Blackbaud accountable and keeping your personal information safe and secure. As always, we appreciate the support of our donors and volunteers. Please contact Chris Culak at firstname.lastname@example.org if you have any questions or particular concerns.