Data Breach May Have Affected Some Rochester YMCA Accounts
Rochester, MN (KROC AM News) - Donors of the Rochester YMCA have been notified of a data breach that may have affected their personal information.
The alert was sent by YMCA of the North, the Twin Cities organization the Rochester Y is a member of.
The target of the ransomware breach was a software vendor that works with the YMCA. It also affected an unknown number of nonprofit, academic and healthcare organizations around the world.
The breach apparently took place between February and May, when it was discovered. The vendor paid the hacker an unknown amount of money and notified the YMCA of the breach July 16th. The YMCA immediately began its own investigation.
It was told the breach may have given the hacker access to account information that includes names, addresses and gift history. Only YMCA donors were affected.
The vendor has informed the YMCA there is no evidence yet that the breached data has been released.
Here is the email that was sent:
August 25, 2020
Dear valued YMCA of the North Donor:
We are writing to let you know of a data security incident that may have involved some of your personal information. The YMCA of the North takes the protection and proper use of your information very seriously; therefore, we are contacting you to explain the incident.
We were recently notified by Blackbaud Inc., one of our software application vendors, of a security incident in which they experienced an attempted ransomware event. Blackbaud’s applications host data for numerous colleges, universities, health care organizations, foundations and other non-profit organizations around the world, including YMCA of the North. Upon learning of the incident, Blackbaud commenced an investigation and concluded that the cybercriminals removed backup files from Blackbaud’s platform. Blackbaud believes that the theft of data occurred between February and May of 2020. Blackbaud discovered the incident in May of 2020, conducted an investigation, and notified YMCA of the North on July 16th, 2020.
As soon as YMCA of the North was informed, we opened our own investigation. That investigation is ongoing. Although we do not yet have a complete picture of the data that exists in our backup files that were impacted, we know that those files contained your name, physical address, email address, and gift history. At the conclusion of our investigation, we will send a separate communication directly to those whose personal information is affected.
Blackbaud paid the ransom amount to the threat actor and in exchange received confirmation and assurances that the data removed from Blackbaud’s applications has been destroyed. Blackbaud worked with law enforcement and third-party experts whose opinion is that these assurances are credible. Blackbaud has hired outside experts to continue to monitor the Internet, including the “Dark Web,” and they have found no evidence that any information was ever released by the threat actor. Furthermore, Blackbaud plans to continue such monitoring activities for the foreseeable future.
We sincerely regret any inconvenience this incident may cause you. We also appreciate your patience and consideration as we continue to investigate this matter to determine the nature and scope of its impact on our community. Please refrain from contacting us with any questions until we have notified you that we have completed our investigation. We will provide a contact phone number to call with questions at that time.
Senior Vice President, Mission Advancement