Cornerstones of Care was recently notified by one of our third-party service providers, Blackbaud, that the company was the victim of a ransomware attack. Blackbaud is one of the world’s largest providers of cloud-based fundraising and finance services for not-for-profit organizations. The cybercriminal was able to remove information belonging to several of Blackbaud’s clients, including Cornerstones of Care.
Please be assured that we do NOT store Social Security numbers or bank account information, and therefore none of this was part of this data security incident.
Data accessed by this attack may have contained information pertaining to your relationship with Cornerstones of Care, including a summary of philanthropic giving, program support interests, and information such as name, address, title, date of birth, email, spouse/partner information and phone numbers.
To protect customer data and mitigate potential identity theft, Blackbaud confirmed it met the cybercriminal’s ransomware demand, paid the ransom and received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud has been monitoring the dark web in an effort to verify the data accessed by the cybercriminal has not been circulated with no indications that the information is available.
We do not believe there is a need for you to take any action at this time. As a best practice, we do recommend you remain vigilant and promptly report any suspicious activity or suspected identify theft to the proper law enforcement authorities.
Cornerstones of Care takes the protection of donor information very seriously. This cyberattack is concerning to us and to the many other nonprofit organizations impacted by it as well. We continue to meet regularly with our technology experts, legal counsel and risk management staff to monitor this incident and conduct assessment of risk tests, and we remain committed to taking proper precautions moving forward and ensuring a high level of due diligence in communicating with our valued community partners, like you.
This FAQs page provides additional information and will be updated should we learn more. We sincerely regret any inconvenience this incident may cause you. Should you have additional questions, please email us at privacy@cornerstonesofcare.org.
On July 16, Blackbaud notified us and many other clients of a data security incident affecting nonprofit organizations, healthcare systems and higher education institutions across the United States, Canada and Europe. Blackbaud is one of the world’s largest providers of cloud-based fundraising and finance services for not-for-profit organizations, like Cornerstones of Care.
This data security incident occurred sometime between March and May of 2020. Blackbaud informed us that they discovered and stopped a ransomware attack and, with the help of independent forensics experts and law enforcement, successfully prevented the cybercriminal from blocking or encrypting files.
However, the cybercriminal was able to remove data belonging to several of their clients. This included information about donors to Cornerstones of Care used for fundraising purposes.
Please be assured that we do NOT store Social Security numbers or bank account information, and therefore none of this was part of this data incident.
A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts. Data accessed by the cybercriminal in the Blackbaud database specific to donors of Cornerstones of Care may have contained some of the following information:
Blackbaud has informed us that in order to protect constituent’s data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand and received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud continues to monitor the dark web in an effort to verify the data accessed by the cybercriminal has not been misused. In addition, Blackbaud reports that it is implementing enhanced security controls to protect its customer’s data.
We immediately launched our own investigation and have taken the following steps:
An internal team of agency leadership including the Chief Operating Officer, Chief Information Office, Chief Development Officer, Chief Financial Officer, Vice President of Administration, and Director of Technology to Practice is meeting regularly with our technology partner, Netsmart, and its experts, in addition to cybersecurity legal counsel.
Please be assured that Cornerstones of Care was not asked to and did not pay any part of the ransom paid by Blackbaud.
The Cornerstones of Care Board of Directors and Cornerstones of Care Foundation Board of Directors have been informed of our response throughout the process.
We do not believe there is a need for you to take any action at this time. Although there is currently no evidence that your information has been misused, as a best practice we recommend that you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.
Blackbaud said the ransomware attack occurred earlier this year between March and May, 2020.
Blackbaud is one of the world’s largest providers of cloud-based fundraising and finance services for not-for-profit organizations. More information is available here.
For more information on this incident, please contact privacy@cornerstonesofcare.org.
