At SMART Reading, we value our relationship with our donors, alumni, and other supporters, and we understand the importance of protecting your personal information. We are writing to inform you about a data security incident that may involve some information that you provided to SMART Reading.
SMART Reading utilizes certain software applications provided by Blackbaud, a software and service provider that is used for fundraising and alumni or donor engagement efforts at non-profits world-wide. On July 16, 2020, Blackbaud provided notice to SMART that Blackbaud had recently experienced an incident impacting its clients across the world, including certain Blackbaud applications used by SMART Reading.
Blackbaud’s notice informed us that:
- Blackbaud identified an attempted ransomware attack in progress on May 20, 2020
- Blackbaud apparently stopped the ransomware attack
- Blackbaud engaged forensic experts to assist in their internal investigation of the incident
- Blackbaud informed us that this investigation concluded that the threat actor intermittently removed data from Blackbaud’s systems between February 7, 2020 and May 20, 2020.
- According to Blackbaud, they paid the threat actor to ensure that the data was permanently destroyed.
Over the last month, we’ve been working with Blackbaud to gather additional details and confer with our legal counsel to ensure we have all the necessary information to best protect you and your data.
What Information Was Involved
Blackbaud has informed us that the information removed by the threat actor may have included certain
demographic information, contact information, and/or philanthropic giving history. However, Blackbaud has
informed us that much of the philanthropic giving history is already publicly-available information. Blackbaud has also informed us that the threat actor did not gain access to bank account information, user names, passwords, or social security numbers stored in Blackbaud’s system because that information was encrypted by Blackbaud.
What We Are Doing
As soon as we received notice from Blackbaud of this incident, we immediately began working with Blackbaud to identify additional safeguards to help prevent a recurrence of such an incident. Blackbaud told us that they took action to identify the vulnerability associated with this incident and informed us that they are taking action to remedy such vulnerabilities. In particular, Blackbaud has informed us that as a result of testing by multiple third parties, they believe their remedial actions have provided the fix needed to withstand future attack tactics similar to this incident. Blackbaud has also informed us that they are augmenting their efforts to strengthen their overall security controls.
What You Can Do
According to Blackbaud, there is no evidence to believe that any data will be misused, disseminated, or otherwise made publicly available. Blackbaud indicates that it has hired a third-party team of experts, including a team of forensic accountants, to continue monitoring for any such unauthorized activity. While Blackbaud does not believe there is any current evidence that your personal information has already been misused, we encourage that you always remain vigilant to the possibility of fraud or any other suspicious activity involving your personal information.
In particular, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis and report any suspicious activity to the proper financial institution or other authorities. This includes credit cards, because certain major credit card companies have rules that restrict them from requiring you to pay for fraudulent charges that are timely reported. Also, we encourage you to review the additional information outlined below in the “Additional Steps You Can Take” section for additional steps you can take to protect yourself.
For More Information
We greatly apologize for any inconvenience or concern this may have caused. We are committed to protecting your personal information that is in our possession, and we want to assure you that we have policies and procedures to protect your privacy. If you have questions or would like additional information as to whether your personal information was subject to the unauthorized access, please email Beth Katona, Director of Development Operations at bkatona@SMARTReading.org.
SMART Reading Executive Director
Additional Steps You Can Take
It is recommended that you remain vigilant for incidents of fraud or identity theft by reviewing and
monitoring your account statements and free credit reports for any unauthorized activity. As a preventative step, you may want to obtain a copy of your credit report once every 12 months from one or more of the main nationwide credit reporting companies. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission recommends that you check your credit reports periodically. A victim’s personal information is sometimes held for use or shared among a group of thieves at different times. Thus, checking your credit reports periodically can help you spot problems and address them quickly.
Please visit www.annualcreditreport.com for more information about your annual free credit report as
authorized by federal law. Contact information for the three main nationwide credit reporting companies
is as follows:
- Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
- Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
- TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has
been misused, you should promptly contact your financial institution. We also recommend that you
immediately contact the Federal Trade Commission and/or the Oregon Attorney General’s office. Contact
information for the Federal Trade Commission is as follows:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW
Washington, DC 205801-877-IDTHEFT (438-4338), www.ftc.gov/idtheft
You can obtain information from these sources about steps an individual can take to avoid identity theft
as well as information about fraud alerts and security freezes on your credit files. Please keep in mind that if you place a security freeze, you will not be able to borrow money, obtain credit, or get a new credit card
until you temporarily lift or permanently remove that freeze.
In addition, if you believe your information has been misused or you are the victim of identity theft, you
should also contact your local law enforcement authorities and file a police report. Obtain a copy of the
police report in case you are asked to provide copies to creditors to correct your records.