Bonnie Brae Notifies Individuals of Blackbaud Data Security Incident

LIBERTY CORNER, NJ, October 13, 2020 – Bonnie Brae, a non-profit organization, recently learned that Blackbaud, a third-party service vendor used for accounting services at non-profits worldwide, was the subject of a data security incident. This was a wide-reaching security event that involved data of many of Blackbaud’s clients around the world, including certain personal information of Bonnie Brae residents. Bonnie Brae takes seriously the security of our residents’ personal information, and is notifying affected individuals and providing them with steps they can take to protect themselves.   On July 16, 2020, Blackbaud reported to Bonnie Brae that it had identified a ransomware attack in progress on May 20, 2020. Blackbaud informed Bonnie Brae that they stopped the ransomware attack and engaged forensic experts to assist in Blackbaud’s internal investigation. That investigation concluded that cybercriminals intermittently removed data from Blackbaud’s systems between February 7, 2020 and May 20, 2020. According to Blackbaud, the data was permanently destroyed and they have assured Bonnie Brae that they closed the vulnerability that allowed the incident.   Upon learning of the issue, Bonnie Brae requested detailed information from Blackbaud about the nature and scope of the incident and engaged experts to assist Bonnie Brae in determining what information was potentially impacted and steps Bonnie Brae can take to mitigate harm to Bonnie Brae’s residents from this incident at Blackbaud. On September 4, 2020, it was determined that the information potentially compromised during this incident may have included personal information of some Bonnie Brae residents, including full names and Social Security numbers. Importantly, this incident does not impact individuals’ financial account information and/or payment card information, which were not exposed. In addition, the Bonnie Brae electronic health record system was not impacted by this incident. According to Blackbaud, there is no evidence that any data has been misused, disseminated, or otherwise made publicly available. Nevertheless, Bonnie Brae encourages impacted individuals to take actions to help protect their personal information. These actions include placing a fraud alert and/or security freeze on their credit files, and/or obtaining a free credit report. Additionally, individuals should always remain vigilant in reviewing their financial account statements, explanation of benefits statements and credit reports for fraudulent or irregular activity on a regular basis and report any suspicious activity to the proper authorities. Bonnie Brae is also offering credit monitoring services to individuals whose Social Security numbers were impacted. The security of our residents’ information is Bonnie Brae’s top priority, and we deeply regret any worry or inconvenience the Blackbaud incident may cause. Blackbaud has assured Bonnie Brae that they closed the vulnerability that allowed the incident, and that they are enhancing their security controls and conducting ongoing efforts against incidents like this in the future. Bonnie Brae remains fully committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it, including continually evaluating and modifying its practices, and those of its third party service providers, to enhance data security.   For more information about this data security event, Blackbaud released a public statement acknowledging this incident and describing its cybersecurity practices, available at www.blackbaud.com/securityincident.   For further questions about this incident, or to determine if you are affected, you may contact the dedicated response line at 1-888-665-6553, available Monday through Friday, 8 a.m. to 5 p.m. Eastern Time.