To our valued clients and friends,
We hope this finds you well during these challenging times. We want to apprise you regarding a computer security incident recently experienced by one of our vendors and to provide assurances on how we safeguard your financial information.
Because the Presbyterian Foundation serves many donors and beneficiaries and works with numerous churches and church institutions, we, along with many non-profit organizations, utilize Blackbaud software to manage our client information. We learned on July 16, 2020, that Blackbaud was the victim of a ransomware attack. Unfortunately, we are among many that are impacted by this incident. Immediately after receiving notification from Blackbaud, we launched an intensive investigation of the incident, which included reviewing Blackbaud’s investigative documentation, communicating with Blackbaud directly, and discussing this incident with cybersecurity experts.
Blackbaud reported that they stopped the cybercriminals from locking access to their systems and affected customer data. Blackbaud also informed its customers that the cybercriminals removed a subset of the data from the Blackbaud systems. Blackbaud reported to us that “The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers’ data was our top priority, we [Blackbaud] paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.” According to Blackbaud, data accessed by the cybercriminal may have contained public information such as name, title, date of birth, spouse, phone numbers and email addresses. Blackbaud reports that they are continuing to search the dark web to make certain that this data does not appear – and, to date, there are no occurrences of such.
As we continue to press for a more thorough investigation, we will keep you informed as we learn more and as we receive additional information from Blackbaud. Please know that, in an abundance of caution, we have changed our system and user passwords to further protect your information. Your trust, confidence and information security are our utmost priority, and we will continue vigorously to work to protect those. Our policies and procedures are diligently implemented by staff and then reviewed for proper internal controls by our Board of Trustees, our internal auditors, and our independent auditors.
COVID-19 seems to have heightened the number of cybersecurity incidents during our new normal of life. During these times, we urge you to be extra careful, watch your financial accounts closely, and contact us if you experience anything suspicious. It is also a good practice to slow down before clicking on links or even opening emails. When in doubt, it is always best to pick up the phone and make personal contact with the supposed sender of the email before clicking a link.
We hope this provides you with comfort that the information you have entrusted to us is secure. Please feel free to call us at 800-858-6127, ext. 3041, and let us know if you have further questions regarding this issue. We are here to help and serve you.
May our God continue to bless you and keep you safe and healthy during these times.
Rev. Dr. Thomas F. Taylor
President and CEO