The information below was emailed to all of our constituents with an email address on July 24, 2020. If we do not have your email address and you would like to receive updates from Darlington School, please update your email address in the Alumni Directory or by emailing email@example.com.
Dear Darlington Community,
On Thursday, July 16, 2020, we were notified by Blackbaud, our third-party service provider for business and fundraising software, of a security incident with its system occurring between February and May 2020. Since that time, we have worked to try to determine what, if any, information of our constituents was possibly accessed. According to Blackbaud, the hackers did not access any files that contained your credit card information, financial account information, or social security numbers; but the hackers may have accessed files that contained your contact information, date of birth, and a history of your relationship with Darlington—including any donation amounts and the dates of those donations.
The nature of the attack was in the form of ransomware and Blackbaud has stated that it has paid the ransom and does not believe that any of your information has been, or will be, used by the hackers. While we still do not know what specific files may have been accessed, I wanted you to know of this issue out of an abundance of caution so that you can take steps to further monitor your credit and other financial accounts. To provide you with more information, please see below to review the details of the incident that Blackbaud has provided to us. Once we receive additional information as to what, if any, additional information was accessed, we will provide that to you. Since Blackbaud is a leading provider of business and fundraising software to schools, universities, and other non-profit and for-profit organizations; you may be receiving a similar letter from other organizations that use Blackbaud as well.
We value your relationship with Darlington School and regret that this incident occurred. If you have any questions or concerns or find any unusual activity in your accounts, please reply to this email or contact firstname.lastname@example.org.
L. Brent Bell
Head of School
Details provided by Blackbaud:
The Cybercrime industry represents an over trillion-dollar industry that is ever-changing and growing all the time—a threat to all companies around the world. At Blackbaud, our Cyber Security team successfully defends against millions of attacks each month and is constantly studying the landscape to ensure we are able to stay ahead of this sophisticated criminal industry. In May of 2020, we discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attempted attack, our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.
Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers’ data was our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.
Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. In accordance with regulatory requirements and in an abundance of caution, we are notifying all organizations whose data was part of this incident and are providing resources and tools to help them assess this incident.
What This Means for Your Organization Specifically
Our public cloud environment (Microsoft Azure and Amazon Web Services) and most of our self-hosted datacenters, products and customers were not part of this incident, but we have confirmed the following specific to your organization:
And again, based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. We have hired a third-party team of experts to monitor the dark web as an extra precautionary measure.