FundSvcs Community


Blackbaud Security Incident

  • 1.  Blackbaud Security Incident

    Posted 29 days ago

    Hi all,

     

    A number of colleges in our system that use Raiser's Edge received a notification this morning about a ransomware attack at Blackbaud back in May. It appears that Blackbaud paid the hackers for a subset of stolen RE, NetCommunity, and ResearchPoint data but it is not clear to me whether this data is still "out there."

     

    I'm working with our Central security folks on next steps but curious how others who've been impacted are approaching this situation.

     

    Thanks,

    Elina

     


    Elina Gorelik

    Associate Vice Chancellor for Advancement Operations

    205 East 42nd Street, Suite 953, New York, NY 10017

    Tel (646) 664-3002 | Fax (646) 664-2965

     



  • 2.  RE: Blackbaud Security Incident

    Posted 29 days ago
    Per the BB webinars, they have "assurances" the data has been destroyed. Take it for what you will.

    Dave Woodley, Chief Data Officer
    Unlock * Share * Connect
    Office of Data Services
    University of Alaska Foundation
    907-786-1373






  • 3.  RE: Blackbaud Security Incident

    Posted 29 days ago

    Exactly. That's what I'm wondering: how "assured" are we as a community?

     






  • 4.  RE: Blackbaud Security Incident

    Posted 29 days ago
    In short, talk with your lawyers and your information technology leads. Review whatever governmental compliance laws are applicable to you, state and federal. If you have customers in Europe, Canada, and/or Australia, there are particular laws that Blackbaud mentions.

    Watch the webinars, read the FAQ, read the tool kit, and formulate whatever questions are not answered.  

    At this point, we are still in the information gathering phase. Once you have a firm footing on what the situation is and who will need to be informed, then plan your action steps. Do not take Blackbaud at their word that the incident probably does not rise to the level of notification.






  • 5.  RE: Blackbaud Security Incident

    Posted 29 days ago

    Agreed with all points below. We are working with our technical security leads and will be attending the webinar tomorrow. We've also been reading all the info and trying to make our assessment of next steps. Definitely having a hard time trusting the idea that hackers are good on their word.

     






  • 6.  RE: Blackbaud Security Incident

    Posted 29 days ago
    We are doing the same here. I registered for the call tomorrow to hopefully get more details like you are asking for. The two on the call will be the Chief Information Security Officer and Director of Privacy.

    Gerri Silveira
    University Advancement
    EOU Foundation
    541-962-3835


    Due to the effects of the COVID-19 pandemic, Eastern Oregon University has adjusted to remote access and has ultimately implemented a reduction to classified staff work hours. Your inquiry is very important to me and I will respond to you as quickly as possible. If you need immediate assistance, please contact University Advancement at 541-962-3740. Thank you for your understanding and patience as we move through these unprecedented times.







  • 7.  RE: Blackbaud Security Incident

    Posted 29 days ago

    Which call?  I received the email and toolkit.  Our Information Security is assessing this now.  

     

    "I registered for the call tomorrow to hopefully get more details like you are asking for. The two on the call will be the Chief Information Security Officer and Director of Privacy"

     

    Tracy

     






  • 8.  RE: Blackbaud Security Incident

    Posted 29 days ago

    If you go to the Resources Page, there's a tab for webinars:

     

     






  • 9.  RE: Blackbaud Security Incident

    Posted 29 days ago

    Thanks so much!  However, I am struggling to find this.  Their site can be challenging.  Can you point me there?  I am sure I am missing this.

     

     

     

    Tracy

     






  • 10.  RE: Blackbaud Security Incident

    Posted 29 days ago

    You have to go to the incident response page and click on the Webinars link at the top:

    https://host.nxt.blackbaud.com/incident-resources

     

    On this page you'll see the links to the Webinars they're holding on various dates.

     






  • 11.  RE: Blackbaud Security Incident

    Posted 29 days ago

    Thanks, again.  I was lost in the sea of BB's website.  With a little help, I found it. 

     

    Take care!

     

    Tracy

     






  • 12.  RE: Blackbaud Security Incident

    Posted 29 days ago
    More than anything, I am interested in seeing a copy of the security incident report. I've been told by several people who have waited on the phone for over an hour that when they eventually get to talk to a live human being, no additional information is available. As customers, I think we deserve better. Is anyone interested in taking joint action to get more details about the security incident?






  • 13.  RE: Blackbaud Security Incident

    Posted 29 days ago
    While not an incident report, The NonProfit Times released this article today.  It's the longest summary I've seen so far:


    John

    John H. Taylor
    Principal
    John H. Taylor Consulting, LLC
    2604 Sevier St.
    Durham, NC   27705
    919.816.5903 (cell/text)

    Serving the Advancement Community Since 1987







  • 14.  RE: Blackbaud Security Incident

    Posted 29 days ago
    Can someone share the details for tomorrow's call?





  • 15.  RE: Blackbaud Security Incident

    Posted 29 days ago
    Has anyone been able to obtain a copy of the data that was compromised?  I'm having a hard time determining what information would have been contained in a backup of Blackbaud NetCommunity.

    ------------------------------
    Heather Breerwood
    hbreerwo@LOYNO.EDU
    ------------------------------



  • 16.  RE: Blackbaud Security Incident

    Posted 28 days ago
    I've been disturbed over the past couple years by Blackbaud's repeated use of the word "subset" as almost a euphemism to hide the extent of a problem, whether it's to describe customers affected by the frequent scheduled and unscheduled outages on their hosted data or software, or the number of customers and amount of data compromised in this specific incident.

    When they've said "subset," it usually means affecting what seems less like a "subset" and more like the entirety of customers hosted in a data center; or, in reference to the "subset" of customer data that was compromised, it is more accurately described as the entirety of your organization's hosted application data as of the backup date.

    I don't think they are being upfront with their current and potential customers about the extent of this incident, and it also seems to be part of a pattern of obfuscation regarding the reliability of their hosting services.

    ------------------------------
    Jonathan Morales
    Donor Database Administrator
    NPR
    jmorales@npr.org
    ------------------------------



  • 17.  RE: Blackbaud Security Incident

    Posted 28 days ago

    I am wondering how many organizations were affected by this.

     






  • 18.  RE: Blackbaud Security Incident

    Posted 28 days ago
    Based on responses here, and a count of organizations from the Facebook Raiser's Edge group, I would guess several dozen at least.






  • 19.  RE: Blackbaud Security Incident

    Posted 28 days ago
    Not all of us have commented in one place or the other yet.

    Joel Clasemann - '96 & '08
    Director of Advancement Services

    + 218-723-6479
    + jclasema@css.edu





  • 20.  RE: Blackbaud Security Incident

    Posted 28 days ago
    I have asked the specific question in this morning's webinar.  No answer yet.

    Dave Woodley, Chief Data Officer
    Unlock * Share * Connect
    Office of Data Services
    University of Alaska Foundation
    907-786-1373







  • 21.  RE: Blackbaud Security Incident

    Posted 28 days ago

    Yes, they are not asking specific questions. I asked a few.

     

    Mark

     

     

    Mark Zarbailov

    Senior Director of Advancement Services and

    Development Information Systems
    ---------------------------------------------------------- 

    Teachers College | Columbia University

    525 West 120th Street, Box 306

    New York, NY 10027

    P: 212.678.4031 | F: 212.678.3723
    E: mark.zarbailov@tc.columbia.edu

     

     

     






  • 22.  RE: Blackbaud Security Incident

    Posted 28 days ago

    Does anyone know if the keys were compromised?  I asked the question on behalf of my IT department, but I haven't heard yet.

     






  • 23.  RE: Blackbaud Security Incident

    Posted 28 days ago
    They just answered this question. The keys were not compromised as they were stored in a separate location....

    Gerri Silveira
    University Advancement
    EOU Foundation
    541-962-3835










  • 24.  RE: Blackbaud Security Incident

    Posted 28 days ago
    According to Blackbaud, keys were not in the scope of the attack.


    Dave Woodley, Chief Data Officer
    Unlock * Share * Connect
    Office of Data Services
    University of Alaska Foundation
    907-786-1373







  • 25.  RE: Blackbaud Security Incident

    Posted 28 days ago
    I'm an administrator of the Facebook Raiser's Edge group. As we have fielded more than 100 new requests to join the Raiser's Edge Facebook group since yesterday morning, I would guess quite a few more than that!

    Ingrid Zepp
    Director, Advancement Operations
    Mary Baldwin University






  • 26.  RE: Blackbaud Security Incident

    Posted 28 days ago
    I was informed by BB that ResearchPoint was impacted. They didn't mention NXT or BB merchant services.





  • 27.  RE: Blackbaud Security Incident

    Posted 28 days ago
    We were told for us it included RE, FE (including NXT), ResearchPoint, and NetCommunity.






  • 28.  RE: Blackbaud Security Incident

    Posted 28 days ago

    UC Davis got a notification regarding DonorCentrics data as well.  The lack of transparency is troubling.

     

    Best,

     

    Jessica LaBorde

    Assistant Vice Chancellor - Advancement Services

    UC Davis

    202 Cousteau Drive Suite 185

    Davis, CA 95618

    530.754.1127

    ais.ucdavis.edu

     

     

     

     






  • 29.  RE: Blackbaud Security Incident

    Posted 28 days ago
    Per my conversation with someone from the Consumer Success team, the DonorCentrics report is aggregate fundraising data from our institution.  There is no personal information from constituents.

    --

    Heather Post Breerwood, MBA '16

    Director, Advancement Information Services
    University Advancement
    Loyola University New Orleans
    7214 St. Charles Avenue
    Greenville Hall, Box 909
    New Orleans, LA  70118-3538
    PH: 504-861-5856

    C: 770-262-6423
    FAX: 504-861-5793






  • 30.  RE: Blackbaud Security Incident

    Posted 25 days ago
    Has anyone received information from Blackbaud disclosing the specific data points that were exposed for ResearchPoint?

    ------------------------------
    Jeff Harris | Manager, Development Data & Reporting
    University Hospitals | Institutional Relations & Development
    10524 Euclid Avenue, Cleveland, OH 44195
    Office 216.844.0473 | Email jeff.harris@uhhospitals.org
    ------------------------------



  • 31.  RE: Blackbaud Security Incident

    Posted 25 days ago

    This question was asked several times during the webinar I attended on Friday. Regardless of product impacted, BB said they would not be able to provide a list of specific fields because everyone uses their products differently. However, they confirmed that, with the exception of SSN and credit card fields, all fields in your production database were impacted.

     






  • 32.  RE: Blackbaud Security Incident

    Posted 28 days ago
    I think all organizations that are hosted by Blackbaud's data centers were affected. It appears that any organizations that are hosted by Microsoft Azure platform were not affected.

    ------------------------------
    Mark Zarbailov
    Teachers College, Columbia University
    mz2403@tc.columbia.edu
    ------------------------------



  • 33.  RE: Blackbaud Security Incident

    Posted 28 days ago

    I don't believe it was all hosted organizations.  We are hosted (only have NXT and do not use the online credit card processing yet) and did not receive any notifications.

     

    Karen Warr, MPA, GPC
    Director of Development Operations

    Desk:  503-617-3821

    Internal:  x2356

    Cell:  503-869-8290

     

    Pronouns: she/her/hers

     






  • 34.  RE: Blackbaud Security Incident

    Posted 28 days ago

    I worry that not everyone that should have received the notification did. They said it went out to the org admin or, if you didn't have one, the main invoice contact. Yet ours went to one of my team who is neither of those and actually has very little interaction with Blackbaud. She in fact almost deleted the email thinking it was a phishing email.

     

    Luckily she decided to forward it to me just in case!

     

    April Snow, bCRE-Pro | Director, Donor Systems & Support | she/her/hers

    YMCA of Greater Seattle

    909 Fourth Avenue

    Seattle, WA 98104

    aksnow@seattleymca.org | (206) 382-4925

    seattleymca.org

     

    The Y: We're for youth development, healthy living and social responsibility.

     






  • 35.  RE: Blackbaud Security Incident

    Posted 28 days ago

    I checked with our Account Executive at Blackbaud this morning.  If you go to this link and it says the page requires additional permissions, then your organization was not affected. 

     

    https://host.nxt.blackbaud.com/incident-resources/

     

     

    Karen Warr, MPA, GPC
    Director of Development Operations

    Desk:  503-617-3821

    Internal:  x2356

    Cell:  503-869-8290

     

    Pronouns: she/her/hers

     






  • 36.  RE: Blackbaud Security Incident

    Posted 25 days ago
    Karen, 

    We were impacted but multiple staff members with Blackbaud IDs for ResearchPoint tried to access the incident response page and got that response.  Only our invoice contact was able to access the Resources page, so it's not a perfect test. FYI in case it helps.

    Maureen Barry (formerly Trafford)
    (she/her/hers)
    Senior Director of Advancement Services
    Alumnae Relations and Development
    33 Elm Street | Northampton, MA 01063
    413-585-2032 | mbarry@smith.edu








  • 37.  RE: Blackbaud Security Incident

    Posted 23 days ago
    Interested in the number of institutions that have decided to contact their constituents, and the content of the messaging.
    Please share either directly or through this list.

    Thank you,

    ---------------------------------

    Barbara Sine
    Director of Advancement Services
    Newark Academy
    91 South Orange Avenue
    Livingston, NJ 07039

    (973) 992-7000 x362
    www.newarka.edu



    ------------------------------
    Barbara Sine
    bsine@NEWARKA.EDU
    ------------------------------