Thank you very much for your support of women and children who seek refuge from violence. The success of our mission to assist women and children to live free from abuse, homelessness, and poverty is dependent on the kindness of donors and volunteers.
We are reaching out to let you know about a data security incident with a third-party vendor, Blackbaud, which may have involved your personal information.
Blackbaud is one of the world’s largest providers of software for non-profits and charities. The Redwood uses e-Tapestry, Blackbaud’s donor and volunteer records system.
On July 16th, 2020, The Redwood was notified by Blackbaud that in May, it discovered and stopped a ransomware attack on its system. In a ransomware attack, cybercriminals attempt to disrupt a company’s business by locking it out of its own data and servers. Working with its cyber security team, third-party forensic experts, and law enforcement, Blackbaud blocked the cybercriminal from encrypting its files and expelled the cybercriminal from its system.
Unfortunately, as part of the attack, the cybercriminal was able to remove a copy of backup files from many organizations around the world, including those of The Redwood. Blackbaud has informed us that it paid the cybercriminal’s demand and, according to the update provided to us, the relevant data removed by the cybercriminal was destroyed. Blackbaud has advised that its forensic experts are monitoring what is called the ‘dark web’ for any of the stolen data, and that at this time there is no sign of any further unauthorized activity.
What kind of information was involved?
Blackbaud has confirmed that the cybercriminal did not gain access to any credit card information or bank account information.
However, the files removed may have contained:
- Your name
- Date of birth, if you provided it to us
- Your contact information, including postal and email addresses and phone number
- Your donation history, including amounts and donation dates (as explained above, no credit card or financial information was accessed)
- Our communication history with you, including thank-you calls and letters, donation requests, distribution of newsletters and annual reports
- Your communication and donor recognition preferences
- Your volunteer participation and interests, if applicable
- Your event participation, if applicable
- Photos (e.g., taken at our events or publicly available which we include to personalize your file)
What we are doing:
We sincerely apologize for this incident and regret any concern it may cause. Along with communicating with you, we are emailing or mailing everyone for whom we have up-to-date contact information. The Redwood is also in contact with Blackbaud regarding any further details of this situation and Blackbaud has confirmed that it has implemented changes to prevent this from happening again.
What you can do:
Access to your personal data puts you at higher risk for phishing attempts (i.e., emails from untrustworthy sources). For example, someone could impersonate The Redwood to solicit funds from you. The Redwood will be sending out a newsletter in August, an Impact Report in September/October, and a holiday appeal in November/December. We will also be sending out emails with volunteer updates. If you receive a suspicious email claiming to be from The Redwood, please contact us immediately.
We recommend that you remain aware of your personal and financial data, and continue monitoring your accounts for suspicious or unauthorized activity.
For more information:
If you would like more information about the incident, Blackbaud has published details online: https://www.blackbaud.com/securityincident. If you have any other concerns or questions, please contact us at email@example.com.
We value the trust of our community of donors and volunteers and want to thank all our supporters for their past and continued support of The Redwood.
Abi Ajibolade, Executive Director, The Redwood
Catherine May, Director, Fundraising and Communications, The Redwood