For information – No action required
On July 16, we were notified of a security incident at our vendor Blackbaud. Blackbaud is a provider of database and fundraising software for many non-profits globally, including the Royal Oak Foundation.
In May of 2020, Blackbaud discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attempted attack, their Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypted files; and ultimately expelled them from the system.
Prior to locking the cybercriminal out, the cybercriminal removed a copy of the Royal Oak database that includes member information and giving history. The cybercriminal did not access credit card information, bank account information, or social security numbers, nor did they access usernames or passwords because they were encrypted.
Blackbaud has no reason to believe that any data was or will be misused and, as an extra precautionary measure, has hired a third-party team of experts to monitor the dark web for any activity involving copied data. Furthermore, Blackbaud has assured us of its commitment to prevent future cyber theft and has already implemented several changes to better protect your data.
Although we currently have no reason to believe that your personal information will be misused, we are notifying you about this incident out of an abundance of caution.
We sincerely apologize for this incident and regret any inconvenience it may cause you. Please do not hesitate to contact us should you have any further questions or concerns regarding this matter.