Notification and Information Regarding Blackbaud Data Incident
Trust is a core value of the Santa Rosa Junior College Foundation. We take very seriously the importance of protecting the personal information entrusted to us by members of our community. That's why we were extraordinarily troubled to learn that Blackbaud, the database software provider we use to maintain alumni, community member and donor information, experienced a ransomware attack. While Blackbaud doesn't believe that your information was misused in any way, we're writing to inform you about this and to outline steps we're taking.
Blackbaud is one of the world's largest software providers to universities, schools, charities, and other nonprofit organizations and offers data management services for the SRJC Foundation. On August 6, 2020 Blackbaud confirmed that in May 2020 they had discovered - and stopped - a ransomware attack on their computer systems and that SRJC Foundation data was compromised.
To protect against further compromise of customers' data and to mitigate potential identity theft, Blackbaud met the cybercriminal's ransomware demand. Blackbaud reports they received confirmation that the cybercriminal destroyed the copied data in exchange for the ransomware payment.
Blackbaud stated that they "have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly." They base this on the type of incident, their research, and the involvement of law enforcement and cybersecurity experts. In addition, Blackbaud hired a third-party team of experts to monitor the dark web as an extra precautionary measure.
What information was involved?
It’s important to note that the cybercriminal did not access your credit card information, bank account information, or social security number. Notably, the SRJC Foundation does not store that information in the Blackbaud database (or anywhere else). However, we have determined that the file removed may have contained your contact information, employer information, gender and date of birth, spouse's identity, and a history of your relationship with our organization, such as event participation and record of giving.
What are we doing about the situation?
We're continuing to take measures to understand the full scope of this attack and to protect the personal information of our community members. We believe it is important to inform our community of the Blackbaud incident so we can all stay vigilant as we seek additional information from Blackbaud regarding:
- Why there was a delay between incident discovery and notification to all those affected
- Why they're confident the cybercriminals won't misuse or disseminate the data they seized
- The additional security measures they've put in place since the incident and any additional measures they plan to implement
What you can do
We want to emphasize again that no credit card, bank account, or other information of that nature was compromised because the SRJC Foundation does not store that information in the Blackbaud database. However, as a best practice, data security experts recommend that individuals remain vigilant by reviewing their account statements and credit reports closely and reporting any suspicious activities. For example:
- If you receive unsolicited requests for donations from us or other nonprofits, please call the number on the organization’s website to confirm the legitimacy of the solicitation.
- Obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com.
- If you detect any suspicious activity, promptly notify the financial institution or company where the account is maintained. You should also report any fraudulent activity or suspected incident of identity theft to law enforcement authorities, your state attorney general, and/or the Federal Trade Commission.
You can learn more about this data incident at https://www.blackbaud.com/securityincident
We deeply regret any worry or inconvenience this incident may cause you. If you have any further questions or concerns regarding this matter, please don't hesitate to contact us at firstname.lastname@example.org or 707-527-4348 (M-F 8am-5pm PST).