Penny Brohn UK among growing number of organisations affected by Blackbaud data incident
Blackbaud is a third-party provider of database management systems for charity and the Higher Education sector.
On 16 July, we were informed that some time in May, Blackbaud discovered and stopped a ransomware attack, successfully preventing a cyber criminal from taking control of their system and encrypting files. However, personal data was compromised, with the cyber criminal accessing a copy of the information stored on their system. Having undertaken a review of the information shared by Blackbaud against our data, we are sharing details of a breach of Blackbaud’s systems with you today.
We have been assured by Blackbaud that there is a low risk to Penny Brohn UK’s supporters and clients. However, we would urge you to continue to be vigilant of any unexpected communication and practise the usual caution around any suspicious emails and letters.
Any one whose data has potentially been affected by this incident has received correspondence from the charity.
If you are concerned or have further questions please contact us here: firstname.lastname@example.org
Blackbaud has set out further details about the incident here.
On 16 July, we were notified about a criminal attack on Blackbaud’s servers that had taken place in May. Blackbaud is the company that provide our supporter database, and the database of a large number of other organisations. The cyber criminal was able to remove a copy of a subset of data from a number of their clients. We believe it involves a number of UK and US healthcare, educational and not-for-profit organisations, as well as Penny Brohn UK data, and it may have involved your personal information including some personal information like names, addresses and email addresses .
What have Blackbaud done to rectify the situation?
As a matter of urgency we have sought confirmation about the steps Blackbaud has taken to manage the situation. They have informed us that, to the best of their knowledge, all of the details that were accessed have now been destroyed. We are aware that they have paid a ransom to the cyber criminals for assurances that the stolen information has been destroyed. They have worked with law enforcement and a third-party company and have found no evidence that any of the information taken has been used, and continue to monitor for this.
They have informed us that new safeguards have been put in place to prevent this happening again.
What information was accessed?
However, we would like to reiterate that we believe the risk attached to this incident is low, based on the steps taken by our contracted supplier. You can read their response on the Blackbaud website(Opens in new window)
No financial or banking details are included in the database.
Was any sensitive information taken? No. Any potentially sensitive data is kept securely on a different database. Therefore this information was not accessed.
Was any financial information about supporters taken? No.
What has Penny Brohn UK been doing since learning about the breach?
We immediately started an investigation of the breach and risk to our supporter and client community. We have reported the breach to the Information Commissioners Office and have taken advice from a company specialising in data management and data breaches.
Additionally, we have submitted a Serious Incident Report to the Charity Commission. We are also making a statement about the breach on our website. We will continue to seek clarity from Blackbaud about how the breach occurred and confirmation of which data may have been accessed, and will notify individuals if it appears that sensitive data has been accessed. We have also consulted with our IT service provider to ensure that our internal systems are secure.
How confident are you that the private data has been destroyed?
Blackbaud has assured us that to the best of their knowledge the data has been destroyed, and their ongoing monitoring has shown no sign of any of the information being used fraudulently. We continue to monitor the situation and seek independent advice.
What steps can our supporters take to protect themselves?
We would recommend to all supporters to continue to take the usual steps maintaining caution. More information about protecting against fraud can be found here.
No action is required from you at this time however, as best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.
The breach affected a system that the charity stopped using in early 2019. Any information that you have given to us since then has not been affected.
For more information
We sincerely apologise for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter please do not hesitate to contact us at email@example.com.