Notice of Vendor Data Breach
The CUES Fund cares deeply about the privacy of our donors and strives, at all times, to be completely transparent. It’s because of this that I wish to inform you of a recent data security incident that occurred with Blackbaud (Raiser’s Edge), a third-party service provider that we utilize. Blackbaud recently notified us that in May of 2020, it discovered and stopped a ransomware attack on databases of non-profit organizations across the country, including a database that Blackbaud hosts for the CUES Fund.
Prior to Blackbaud locking the cybercriminal out of its system, the cybercriminal removed a copy of a subset of data which may have included your name, contact information, and a history of your relationship with us, such as donation dates and amounts. Blackbaud assured us that the cybercriminals did not access encrypted data such as credit or debit card numbers, Social Security numbers or bank account information. Blackbaud paid the cybercriminal’s demand after confirming that the copy of data the cybercriminal had removed had been destroyed.
Blackbaud immediately contacted law enforcement to notify them of this attack. After a thorough investigation, law enforcement concluded that there was no reason to believe that any data was or will be misused, or will otherwise be made available publicly.
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity on your accounts to us and to the proper law enforcement authorities. We value your relationship with the CUES Fund and we share your concern about this incident. Blackbaud has implemented changes to its security controls to better protect against a potential future attack.
We apologize for any inconvenience this may cause you. Should you have any further questions or concerns regarding this matter, please contact me personally at (402) 451-5755 or via email at bobg@cuesomaha.org.