SEATTLE, Aug. 14, 2020 /PRNewswire/ — St. Joseph School, an all-city Catholic grade school, recently learned that Blackbaud, a St. Joseph School vendor that manages the School’s donor database, was the subject of a data security event. This was a wide-reaching security event that involved data from multiple nonprofit organizations and other entities accepting donations, including certain personal information of St. Joseph School donors. St. Joseph School takes data security very seriously, especially as it relates to personal information, and is notifying affected individuals and providing them with steps they can take to protect themselves.
In July 2020, Blackbaud informed St. Joseph School that it had discovered and stopped a ransomware event that occurred in May 2020. St. Joseph School understands the cybercriminal removed a backup copy of donor information that Blackbaud maintained for St. Joseph School. Ultimately, Blackbaud received confirmation that the copy of the data obtained by the cybercriminal was destroyed.
Once St. Joseph School was informed of the situation, it immediately started the process to review the files to determine who may have been impacted, and to notify them of what happened. St. Joseph School determined the affected file contained donation information, such as names of donors, contact information, dates of birth, and donation dates and amounts. The cybercriminal did not access any credit card information, bank account information, or Social Security numbers, since St. Joseph School does not store this information in its database.
While St. Joseph School has no indication that these events resulted in any misuse of donors’ personal information, and understands that the data file was destroyed, it is offering affected individuals free credit monitoring, provided by Experian. Affected individuals may obtain additional information by contacting a dedicated call center at 1-844-915-2892 between the hours of 6:00 AM and 3:30 PM Pacific time, Monday through Friday.
As a precautionary measure, individuals should remain vigilant about protecting themselves against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to the proper law enforcement authorities, including the police and their state’s attorney general. It is always best practice for individuals to change their financial account passwords often, and to be alert for “phishing” emails from someone who acts like they know them and requests sensitive information over email, such as passwords, Social Security numbers, or bank account information.
St. Joseph School deeply regrets that this situation occurred. Upon learning of the situation, St. Joseph School reviewed its security protocols and procedures to reduce the risk of this situation arising again in the future. In addition, Blackbaud advised that it implemented several changes to enhance the protection of personal information moving forward. In particular, Blackbaud has accelerated efforts to further harden its environment through enhancements to access management, network segmentation, deployment of additional endpoint monitoring, and network-based platforms. For more information about this data security event, Blackbaud released a public statement acknowledging this incident and describing its cybersecurity practices, available at www.blackbaud.com/securityincident.
SOURCE St. Joseph School