Information on the Recent Data Security Incident
You likely have already received an email from ERD or the Development Office, but we wanted to ensure that all UTO participants received the same information at once, so we apologize if you have already received this information via email from the Development Officer. UTO is grateful for the support of the Development Office for all of our online and text to give functions. With that said, this does not affect any of the donations received through the UTO Race in June as that was done through a separate platform. Please see the note below from Kurt Barnes, and if you have any questions, please let us know.
On July 16, 2020, the Domestic & Foreign Missionary Society received notification from Blackbaud, a cloud computer provider that serves the nonprofit community, that in May of 2020, it had discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. Although Blackbaud was successful in expelling the cybercriminals from its system, it became aware that prior to the attempted attack, the attacker had acquired a database backup sometime between February 7 and May 20, 2020. Blackbaud therefore paid the cybercriminals’ ransom demand for this database backup with confirmation that the copy they removed had been destroyed and notified law enforcement.
A fundraising records module used by the DFMS Office of Development (ODD) was part of this incident. We have confirmed that the cybercriminal did not access credit card information, bank account information, usernames, passwords, social security numbers, or other sensitive personal information, stored in our database because they were encrypted. Some public information including donor names and addresses and/or email addresses may have been involved, however.
Based on the nature of the incident, Blackbaud’s research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal or was or will be misused.
We want to assure you that we take data privacy and security very seriously. We also continue to be deeply grateful for the faithful support of our friends and donors. If you have any further questions or concerns regarding this matter, please email firstname.lastname@example.org.
Kurt Barnes, Treasurer and CFO