Dear FMSC Supporter:
The privacy and security of the personal information we maintain is of the utmost importance to Feed My Starving Children. We are writing with important information regarding a recent data security incident at Blackbaud, a third party service provider, which may have involved some of the information that you provided to Feed My Starving Children. Blackbaud is a software and service provider that is widely used for fundraising and alumni or donor engagement efforts at non-profits world-wide. Feed My Starving Children uses Blackbaud applications, and Blackbaud recently experienced an incident impacting their applications. We want to provide you with information about the incident and let you know that we continue to take significant measures to protect your information.
On July 16, 2020, Blackbaud notified Feed My Starving Children of a security incident that impacted its clients across the world. Blackbaud reported to us that they identified an attempted ransomware attack in progress on May 20, 2020. Blackbaud informed us that they stopped the ransomware attack and engaged forensic experts to assist in their internal investigation. That investigation concluded that the threat actor intermittently removed data from Blackbaud’s systems between February 7, 2020 and May 20, 2020. According to Blackbaud, they paid the threat actor to ensure that the data was permanently destroyed.
What We Are Doing.
Upon learning of the issue, we commenced an immediate and thorough investigation. That investigation is still ongoing. As part of our investigation, in addition to demanding detailed information from Blackbaud about the nature and scope of the incident, we engaged cybersecurity professionals experienced in handing these types of incidents.
What Information Was Involved.
We have determined that the information removed by the threat actor may have included demographic information, contact information, and/or philanthropic giving history, such as donation dates and amounts. Your Social Security number, financial account information and/or payment card information were not exposed, as they were properly encrypted.
What You Can Do.
According to Blackbaud, there is no evidence to believe that any data will be misused, disseminated, or otherwise made publicly available. Blackbaud indicates that it has hired a third-party team of experts, including a team of forensics accountants, to continuing monitoring for any such activity. Although there is no evidence to believe your data was misused, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis and report any suspicious activity to the proper authorities.
For More Information.
We are fully committed to maintaining the privacy of information in our possession and have taken many precautions to safeguard it. Blackbaud has assured us that they closed the vulnerability that allowed the incident and that they are enhancing their security controls and conducting ongoing efforts against incidents like this in the future. We continually evaluate and modify our practices, and those of our third party service providers, to enhance the security and privacy of your information.
For questions regarding this incident, please contact firstname.lastname@example.org or call 763-267-6327 to leave a voice mail message. Someone will respond to your email or message as quickly as possible but no later than within one business day.
Daniel B. Stennes-Rogness
VP of Finance and CFO
Feed My Starving Children