As a member of our broader Alzheimer Society family we are grateful to you for your support of people living with dementia and their care partners across Ontario. You are a vital part of the work we do – thank you.
We are reaching out today to let you know about a data security incident with a third-party vendor, Blackbaud, that may have involved your personal information. The Alzheimer Society takes the protection and proper use of your information very seriously. We want to inform you of what happened in the Blackbaud data security incident and what we know at this time. Blackbaud is the software provider of our donor records system, Raisers Edge.
On July 16th, 2020, we were notified by Blackbaud of a security incident within their organization that came to light in May. Since that time, Blackbaud have advised us that they have fully investigated, coordinated with appropriate law enforcement, and resolved the situation (i.e. patched the system vulnerability and implemented new security measures.)
We understand they discovered and stopped a ransomware attack. After discovering the attack, Blackbaud informs us that their security team successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. However, prior to locking the cybercriminal out, a backup file containing constituent information was removed.
Based on their investigation, Blackbaud indicates they have no reason to believe the security incident led to the disclosure of personal information to any other source beyond the initial ransomware attack. After paying the cybercriminals a ransom, the data was returned to Blackbaud with assurances any copies they might have made of the data removed from the system were destroyed.
What We Know
It is important to note that the cybercriminals did not access credit card or banking information. There is also a significant amount of data that is encrypted within the system and would not be vulnerable to exploitation (i.e. Username, Passwords, and Financial Data).
What We Are Doing
Immediately on notification, we began our own investigation of the security incident to determine the full scope of the Alzheimer Society data that may have been at risk. We have been in constant communication with Blackbaud, other organizations across the sector and independent professionals to fully understand the situation as it relates to our donors.
What You Can Do
Stay alert to any third-party communications referencing your relationship with the Alzheimer Society. Access to your personal data puts you at higher risk for phishing attempts and communications from untrustworthy sources. As always, remain aware of your personal and financial data, monitoring your accounts for suspicious or unauthorized activity.
For More Information
We know that these types of incidents can cause concern and we want to assure you that we are doing everything we can to understand the full scope of the incident and to ensure your information is protected in the future. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact us at firstname.lastname@example.org.
Chief Executive Officer, Alzheimer Society of Toronto