Dear Donors of Camillus House,
We were recently notified by one of our third-party service providers, Blackbaud, that they were the victim of a cybercrime ransomware attack. This occurred at some point beginning on February 7, 2020 and intermittently until May 20, 2020. Blackbaud’s donor database tool, Raiser’s Edge, is used by many nonprofits including Camillus House, to manage our charitable giving. Because Camillus House takes the protection and proper use of your information very seriously, we wanted to make you aware and explain the incident and what it means to our donors.
After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypting files; they ultimately expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of Blackbaud’s backup file containing personal information of donors.
It’s important to note that Camillus does not keep any donor’s credit card information, bank account information, or social security numbers in our records. However, the file removed may have contained your contact information, demographic information and a history of your relationship with our organization, such as donation dates and amounts.
In fact, based on the nature of the incident, Blackbaud’s research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
Since we value your support and dedication to our mission, we felt it was important to notify you of this unfortunate issue, in the event you wish to take any measures to protect yourself. Ensuring the safety of our donor’s data is of the utmost importance to Camillus House. As part of Blackbaud’s ongoing efforts to help prevent something like this from happening in the future, our third-party service provider has already implemented several changes that will protect your data from any subsequent incidents.
As a best practice and while there is no action required on your part, we encourage you to remain vigilant and report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities and each of the three nationwide credit reporting agencies.
- Equifax, PO Box 740241, Atlanta, GA 30374, equifax.com, 1-800-685-1111
- Experian, PO Box 2104, Allen, TX 75013, experian.com, 1-888-397-3742
- TransUnion, PO Box 2000, Chester, PA 19022, transunion.com, 1-800-888-4213
Because Blackbaud is widely used, other organizations you support may likewise be contacting you. We sincerely apologize for this incident and regret any inconvenience it may have caused you. Should you have any further questions or concerns regarding this matter, please do not hesitate to contact Camillus at [email protected] or 305-533-0192.
Thank you so much for all you do for Camillus House and we value and appreciate all your support.
Sincerely,
Christine Perez
V.P., Development