July 2020 - Notification of Security Incident
In late July 2020, Naperville Heritage Society received notification from Blackbaud, a company that provides software tools and management resources for nonprofits across the world, that they had discovered a cyberattack on one of their systems that houses donor information. Unfortunately, Naperville Heritage Society was one of a number of organizations impacted by this security breach. A detailed explanation of the incident is available on Blackbaud’s website.
A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts. Blackbaud has confirmed that the investigation found that no encrypted information, such as bank accounts, credit card or passwords, was compromised during the attack.
The data accessed may have contained some of the following information:
- Contact information including name, addresses, phone numbers and email
- Gender and date of birth (if applicable)
- Record of event and activities including donations and volunteer activity
- Employer information (if applicable)
We have been informed that in order to protect customers' data and mitigate potential identity theft, Blackbaud met the cybercriminal's ransomware demand. Additionally, according to Computer Weekly, Blackbaud has hired a third-party team of experts to monitor the dark web as a precaution.
What else are we doing? We have continued to reach out to Blackbaud seeking full details on what happened and additional security measures they plan to put in place. Blackbaud is well known for their cyber security measures. Computer Weekly, when reporting on this breach, made the following assessment: “At face value, Blackbaud operates a sophisticated and a substantial cyber security practice with a team of professionals, developed over the past five years and evaluated by independent reviewers who have determined that it exceeds benchmarks for the finance and tech sectors. It follows industry-standard best practice, conducts ongoing risk assessments and penetration testing. It is also a member of several security thought leadership organizations”.
We do not feel there is a need for any member of our community to take action at this time, yet we recommend that all remain observant and report any suspicious activity or suspected identity theft to the proper authorities.
We regret this has taken place and apologize for any concern this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.