Information about a third party
We have received a notification from Blackbaud, the software provider of our customer management software, about a breach of their security systems relating to data that they held of some of our supporters. Blackbaud are one of the largest providers of customer relationship management systems in the charity and education sectors.
Blackbaud alerted us, only two weeks ago, that they had suffered a ransomware attack in May 2020 and stopped the attack with the help of independent forensics experts and law enforcement. Nevertheless, prior to Blackbaud locking the cyber criminals out, the criminals removed a copy of a subset of data from their environment, which included some BirdLife data. We can confirm that BirdLife International does not hold credit card or bank details, therefore none of these were stolen.
We have contacted everyone whose data was involved in this directly by email or post. There is no action that you need to take at this time, but always recommend that you continue to take the usual steps maintaining caution against fraud.
What information was involved?
Basic personal details such as name, address, telephone number and email addresses. In some cases, dates of birth, spousal information and a record of your engagement with BirdLife International e.g. gifts given, events attended.
Based on the nature of the incident, their research, and the third party law enforcement investigation, Blackbaud has assured us that there is no reason to believe any data went beyond the cybercriminal, was or will be misused or disseminated or made available publicly. You can find out more information directly from Blackbaud themselves at www.blackbaud.com/securityincident
We are sorry for any concern this may cause to those involved. We are continuing to work with Blackbaud to investigate this matter, and are reviewing our relationship with this supplier.
If you do have any questions, please contact firstname.lastname@example.org or telephone +44 (0)1223 277318.