Threads of Life has reached out to our broader Threads of Life community to let them know of a data security incident that may have involved their personal information.
Threads of Life (formally, the “Association for Workplace Tragedy Family Support”) takes your privacy and the protection of your information very seriously. We want to inform you of what happened, how it may affect you, and what we are doing about it.
What Happened:
Threads of Life uses a third party vendor called Blackbaud to provide an online donor and member records system. In late July, Blackbaud notified Threads of Life and many other nonprofits that it had discovered a ransomware attack. In a ransomware attack, cybercriminals attempt to lock a company out of its own data and servers, and demand a ransom to return access.
Blackbaud informs us their cyber security team, along with independent forensics experts and law enforcement, prevented the cybercriminal from blocking their access and fully encrypting files, and expelled the cybercriminal from Blackbaud’s systems. However, before being expelled, the cybercriminal removed a backup file containing information from a number of nonprofits around the world. Blackbaud paid the cybercriminal’s demand in return for confirmation that the copy they removed had been destroyed.
How You May Be Affected:
Blackbaud has assured us that data such as credit card numbers, usernames and passwords were not compromised. Data that may have been affected includes contact information such as names, email addresses, telephone numbers and addresses. Based on their internal investigation as well as third-party investigations, including law enforcement, Blackbaud does not believe any data went beyond the cybercriminal or will be misused or disseminated. Blackbaud has contracted with cybersecurity experts to monitor for any usage of the data that was taken.
What Threads of Life is Doing:
In addition to notifying our community, we have raised this issue to the attention of our non-profit’s Board of Directors, and are also taking steps to ensure that our third-party service providers (like Blackbaud) are capable of meeting appropriate security standards.
Blackbaud’s security team were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and have confirmed through testing by multiple third parties, including the appropriate platform vendors, that the vulnerability has been fixed.
What You Can Do:
The cybercriminals did not access credit card or banking information. While we understand that the malicious actors are no longer in possession of the information extracted, you should practice good security by monitoring your email as usual for any unauthorized activity or suspicious messages. Stay alert to anyone who contacts you impersonating Threads of Life.
We very much value the trust you place in Threads of Life, and we are doing everything we can to understand this incident and to further protect your information. If you have questions regarding this matter, please don’t hesitate to contact us.
Shirley Hickman