Notice of Data Breach – Update
On Thursday 16 July 2020 David Shepherd Wildlife Foundation (DSWF) was alerted to a cyberattack at one of our service providers, Blackbaud, who provide CRM solutions for many not for profits across the world, including DSWF. Blackbaud have explained that the incident began in February 2020, when a cybercriminal accessed Blackbaud’s system, and continued until May 2020 when Blackbaud discovered the breach and alongside their own security teams worked with an external forensics firm and federal law enforcement and were able to expel the hacker from their system. During this time the cybercriminal was able to obtain a copy of backup data from the Raisers Edge database, which Blackbaud subsequently paid a ransom to the hacker to have deleted. Unfortunately, DSWF was one of a number of organisations impacted by this breach. Additional information on this incident is available on their website here. On Tuesday 29th September, we were informed by Blackbaud that a number of their customers were found to have had further information, including encrypted fields meant for bank account details and social security numbers, usernames, and/or passwords, taken. Blackbaud have reassured DSWF that our data was NOT part of this further breach.
What information was involved?
The database affected held supporter information, including names, contact information and details of the relationship with DSWF. This potentially includes giving history, event attendance, gift aid status and forms, correspondence and biographical details such as date of birth and more, however not all of these details were present in every record. Credit card information and bank account details were not impacted and DSWF does not hold this information on its database.
Based on the nature of the incident, Blackbaud’s research and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused or will be disseminated or otherwise made available publicly.
What we are doing?
DSWF takes its data protection responsibilities and the security of its database of supporters extremely seriously and as such we have closely followed all information provided by Blackbaud to ensure we are kept up to date and have reported this breach to the Information Commissioners Office and the Charities Commission. We continue to monitor all information from Blackbaud closely. Even though Blackbaud have assured their customers that they believe the risk to individuals whose data was stolen is very low, they have teams who continue to monitor the dark web to
detect for any transmission of data. We will notify individuals if we feel it is appropriate or if it becomes necessary to do so.
Blackbaud have assured us that new safeguards have been put in place to prevent this happening again.
DSWF will update this notice with any further information should it be presented.
We are sorry for any inconvenience caused by this data breach by Blackbaud. We would like to reassure our supporters that we take data protection very seriously and we are grateful for your continued support. If you have any further concerns please do contact DSWF on firstname.lastname@example.org and we recommend that all supporters continue to take the usual steps to remain vigilant and to report anything suspicious to the proper law enforcement authorities.