VILLANOVA, Pa., Sept. 14, 2020 /PRNewswire/ — On Thursday, July 16, 2020, Blackbaud, Inc., a cloud computing provider that offers customer relationship management tools to nonprofit organizations, reported that, in May 2020, it experienced a ransomware incident that resulted in encryption of certain Blackbaud systems. Following its investigation, Blackbaud notified its customers, including Devereux Advanced Behavioral Health, that an unknown cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was stolen by the cybercriminal at some point before Blackbaud locked the cybercriminal out of the environment on May 20, 2020.
Upon learning of the Blackbaud incident, Devereux immediately launched an investigation to determine what, if any, sensitive Devereux data was potentially involved. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. To date, Devereux has not received any reports that personal information has been misused as a result of this incident.
Devereux’s investigation determined that the impacted Blackbaud systems hosted its donor database. In the profile of certain actual or potential Devereux donors, there was a tab that listed the relevant donor’s relationship to an individual served by Devereux, thereby identifying that individual as having been served by Devereux currently or in the past. The impacted information did not contain the Social Security Numbers, financial account information, payment card information, or driver’s license numbers of Devereux’s clients or constituents. Please note that, to date, Devereux has not received any information from Blackbaud that Devereux information was specifically accessed or acquired by the cybercriminal, but this possibility could not be ruled out.
The confidentiality, privacy and security of donors’ and clients’ information is of the utmost importance, and Devereux takes this incident very seriously. As part of its ongoing commitment to secure its donors’ and individuals’ confidential information, Devereux is reviewing its existing policies and procedures regarding third-party vendors, and is working with Blackbaud to evaluate additional measures and safeguards to protect against this type of incident in the future. Devereux also will notify federal and state regulators, as required. In an abundance of caution, Devereux is notifying potentially impacted individuals so they may take further steps to protect their information, should they feel it appropriate to do so. Donors whose record in Devereux’s donor database was impacted will receive a direct notice via U.S. Postal Service mail.
Devereux encourages individuals to remain vigilant against incidents of identity theft and fraud, promptly change any involved account passwords, review account statements, and monitor credit reports for suspicious activity. Additional information can be found on Devereux’s website – www.devereux.org.
SOURCE Devereux Foundation