NEWS

Blackbaud Data Security Incident

On July 16, 2020 Preble Street was notified that Blackbaud — a third party provider of a cloud-based platform used by Preble Street for fundraising and donor information management — experienced a global security incident that began in February 2020 and ended in May 2020, when Blackbaud discovered the incident. Through its investigation, Blackbaud discovered that the incident affected a large number of organizations worldwide, ranging from hospitals and universities to nonprofits organizations.

In its statement — which you can read at blackbaud.com/securityincident — Blackbaud indicated, as mentioned above, that the cybercriminals did not access credit card information, bank account information, usernames, or passwords. The compromised information may have contained demographic data and information pertaining to your relationship with Preble Street, including philanthropic giving history; but Preble Street does not collect or store Social Security numbers, driver’s license numbers or other sensitive personally identifiable information.

According to Blackbaud, they paid for the cybercriminals’ confirmed destruction of the copy of the stolen information. And based on the nature of the incident, their research, and third party (including law enforcement) investigation, Blackbaud has stated that “there is no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.”

We take data security and privacy very seriously. We reached out to our constituents in late July regarding this incident, and are undertaking a thorough investigation of what occurred and what information may have been exposed during Blackbaud’s data security incident. We will take all appropriate actions based on our investigation to ensure your information is and remains properly protected.

In addition, Blackbaud is accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based platforms.