On Friday, July 17, 2020, MEDA received notification from Blackbaud that they discovered and stopped a ransomware attack which occurred in May of 2020. Raiser’s Edge, a product owned by Blackbaud, is a system that MEDA has used for many years to store our donor data. A copy of a backup file was stolen and Blackbaud paid the ransom to get it back. They have received assurances that the data was deleted, and they have assured us that it has not appeared on the public internet in the intervening time.
The information that was compromised did not include SIN/ SSN, credit card or banking information for any of our donors. Please note that none of MEDA’s donor data has been damaged or destroyed in any way. You can read more about Blackbaud’s response online.
All impacted individuals have been contacted directly. This incident has been reported to the relevant privacy commissioners in Canada and the European Union.
Going forward, Blackbaud has already implemented several changes that will protect client data from another incident. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. MEDA will continue to work closely with Blackbaud to mitigate any further risk of exposure. Ensuring the safety of our donor data is of the utmost importance to us, and we sincerely apologize for this incident and regret any inconvenience and worry it may cause you.
Should you have any further questions or concerns regarding this matter, please do not hesitate to contact Michael White, Chief Marketing & Development Officer at firstname.lastname@example.org, or Neil Denison, MEDA’s Privacy Officer at email@example.com