Notice of Blackbaud Data Security Incident
November 20, 2020
Thank you for being a loyal supporter and friend to Children’s Hospital Colorado Foundation (the “Foundation”). The Foundation has been made aware of a data incident by Blackbaud, one of our vendors, and in turn wants to ensure that our community is aware of the incident as well. Blackbaud is a cloud database and fundraising management tool that provides services to many healthcare fundraising organizations.
On July 16, 2020, Blackbaud notified us, as well as hundreds of other organizations that use its products, that it was impacted by a ransomware event. According to Blackbaud, from February to May 2020, ransomware was deployed within Blackbaud’s environment and some of its data was taken from its systems. Blackbaud encrypts most of the data it stores, but some of the less sensitive fields, free text fields, and attachments are left unencrypted. Blackbaud’s explanation of the incident can be found here: https://www.blackbaud.com/securityincident.
Unfortunately, the Foundation was one of the organizations whose information was impacted. Upon learning of the incident, the Foundation promptly investigated the incident and identified the individuals whose information may have been involved. The Foundation determined that the potentially impacted information included name, date of birth, and for a limited number of individuals, Social Security number and financial account information. The Foundation notified the potentially involved individuals of this incident on December 1, 2020.
As a precautionary measure, the potentially involved individuals should remain vigilant about protecting themselves against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained.
Potentially involved individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). These individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Contact information for the three national credit reporting agencies is as follows:
P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
We are so grateful for your support, which makes world-class care for kids possible. We also value the trust you place in us and take our responsibility to safeguard your personal information seriously. We apologize for any inconvenience or concern this incident involving Blackbaud might cause. We are committed to taking steps to help prevent this from happening again, including reviewing our relationship with Blackbaud and the technical controls they have in place for securing our data. For further assistance, please contact Frank Dean at 720-777-1756 or by email at [email protected] from 8 to 5, Monday – Friday.