Friends of Casco Bay was one of a large number of nonprofits here in Maine and across the country that were affected by a security breach at Blackbaud, a third-party provider of our database. Blackbaud experienced a ransomware attack that occurred between February and May of this year.
We are assured by Blackbaud that no credit card or bank account information was stolen. Furthermore, Friends of Casco Bay does not collect or record other personal information, such as social security numbers or driver’s license numbers. Blackbaud informed us that the compromised data that cybercriminals did have access to may have included demographic information, such as our donors’ contact information and giving history with our organization.
According to Blackbaud, the company paid for the cybercriminals’ confirmed destruction of the copy of the stolen information. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, Blackbaud has stated that “there is no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.” You can read Blackbaud’s official statement here.
What We Are Doing
We take your privacy very seriously. From what we have learned from Blackbaud about this incident, there is no indication that our information was specifically targeted. We are investigating what occurred and whether there is anything we can do to better protect our donors’ personal data. As part of Blackbaud’s ongoing efforts to help prevent something like this from happening in the future, they already have implemented several changes that will help protect our data from subsequent incidents, and they are accelerating efforts to further defend their network from attacks. We have been told that Blackbaud and its security partners are continuing to scour the web to ensure that your personal information is being protected. We post more information if we learn more details about this incident.
What You Can Do
As a best practice, remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities and entities impacted. The Federal Trade Commission provides a resource to help you report identity theft and to help you create a personal recovery plan. Out of an abundance of caution, you can place a credit freeze on your files with the three major credit bureaus: Equifax, Experian, and TransUnion, to prevent a thief from opening up accounts in your name.
If you have any questions or concerns, please do not hesitate to contact Will Everitt, Communications and Development Director, at (207) 671-1315 or by email willeveritt [at] cascobay [dot] org.
Thank you for caring about the environmental health of Casco Bay.