Data Security Message From the Diocese of Bridgeport

August 3, 2020 | Foundations in Education | News

August 3, 2020

Dear Friend,

The Diocese of Bridgeport, and its partner organizations, Foundations in Education and Catholic Charities of Fairfield County, value the partnership that we share in support of our mission. A significant piece of that partnership is respecting and protecting your personal information. For this reason, we are reaching out on behalf of all three organizations as a precautionary measure regarding a data security issue involving one of our vendors, Blackbaud. The Diocese and its partners use Blackbaud’s platform for fundraising and communications with supporters, as do hundreds of other non-profit organizations.

Blackbaud has informed us, along with their many other customers, of a ransomware attack that may have involved your personal information. We want to share with you what we know about the incident as well as details on the possible information that was involved. We also want to stress that our highest priority is to ensure that your information is protected.

Please be assured that we do not keep social security, bank account information or credit card information in the Blackbaud system.

In mid-July, Blackbaud notified its clients that it had experienced a global security incident that apparently occurred between February and May of 2020. Blackbaud indicated that cybercriminals attacked their systems and copied a subset of data from their databases. The cybercriminals demanded a ransom, which Blackbaud paid in exchange for the confirmed destruction of the copy of the information that was stolen. The statement we received from Blackbaud about this incident is available here.

Blackbaud further indicated that the attackers could not access usernames, passwords, and other information because of the security controls they use to protect this sensitive data, namely encryption. In our independent investigation, we have determined that possible information involved may have included donors’ names, email and mailing addresses, birth dates, phone numbers and possibly giving history. Blackbaud has notified us that there is no reason to believe that any data was or will be misused or will be further disseminated publicly. The service provider has hired a third-party team of experts to continue monitoring for any such activity.

We remain in regular contact with Blackbaud regarding the details of this incident and are assessing their response. We will continue to work with Blackbaud to advocate on your behalf and to ensure that Blackbaud takes every precaution to protect against any potential misuse of your information.

This incident emphasizes the growing risk of cyberattacks, including ransomware, in our highly technology-dependent business environment. It is critical that you remain vigilant toward any solicitations for charitable contributions you may receive, verifying these solicitations, and report any suspicious activity or suspected identity theft to your local law enforcement authorities.

If you have immediate questions or concerns regarding this matter, please email us at privacy@diobpt.org. We thank you for your patience and understanding during this time.

Sincerely,
Joseph Gallagher, Chief Development Officer, Diocese of Bridgeport
Holly Doherty-Lemoine, Executive Director, Foundations in Education
Michael Donoghue, Executive Director, Catholic Charities of Fairfield County