August 2020 Update: Data Breach Notification

Security Incident Notification

To maintain our database of constituent information, including donors, we use Blackbaud, a highly regarded cloud-based service provider which houses publicly available information such as your name and address, alongside your giving history to Wayfinders, if applicable. This database does NOT include sensitive information such as Social Security numbers, credit card or financial institution information.

Blackbaud has notified us of a data security incident that may have involved your personal information. Wayfinders takes the protection and proper use of your information very seriously. We are therefore contacting you to explain the incident and provide you with steps you can take to protect yourself.

What Happened

We were recently notified by Blackbaud of a security incident. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement— successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on February 7, 2020 and could have been in there intermittently until May 20, 2020.

What Information Was Involved

It’s important to note that the cybercriminal did not access your credit card information, bank account information, or social security number. However, we have determined that the file removed may have contained your demographic information including customer and donor names, physical and email addresses, telephone numbers, and giving history.

Blackbaud informed us that the company paid the cybercriminal’s ransom and received confirmation that the stolen data had been destroyed.

Based on the nature of the incident, their research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

What Blackbaud and Wayfinders are Doing

We are notifying you so that you can take immediate action to protect yourself. Ensuring the safety of our constituents’ data is of the utmost importance to us. As part of their ongoing efforts to help prevent something like this from happening in the future, our third-party service provider has already implemented several changes that will protect your data from any subsequent incidents.

What You Can Do

As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities. The North Carolina Attorney General’s Office publishes resources and advice for consumers affected by a data breach:  https://ncdoj.gov/protecting-consumers/protecting-your-identity/protect-your-business-from-id-theft/security-breach-information/security-breach-advice/.

It includes telephone numbers for the three major credit reporting bureaus where you can request a fraud alert:

Equifax 1-800-525-6285
Experian 1-888-397-3742
TransUnion 1-800-680-7289

You may also contact the North Carolina Department of Justice at:

114 West Edenton Street
Raleigh, NC 27603
p: (919) 716-6400

We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact Wayfinders directly.

Mollie James
Executive Director
mjames@wayfindersnc.org