July 28, 2020
Dear Cascia Hall Community,
We are writing to let you know about a data security incident that may have involved your personal information. We take the protection and proper use of your information very seriously. We are therefore contacting you to explain the incident and providing steps you can take to protect yourself.
We were recently notified by Blackbaud (our educational software platform provider) of a security incident that affected the fundraising management software we use. At this time, we understand Blackbaud has discovered and stopped a ransomware attack on one of their East Coast servers. Prior to locking the cybercriminal out, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on February 7, 2020, and could have happened intermittently until May 20, 2020. Based on the nature of the incident, Blackbaud’s research, and a third party (including law enforcement) investigation, Blackbaud has no reason to believe that any data went beyond the cybercriminal, was, or will be misused, or will be disseminated or otherwise made available publicly.
It’s important to note that the cybercriminal did not access your credit card information, bank account information, or Social Security number. However, Blackbaud has determined that the file removed may have contained your contact information (name, address, e-mail, and/or phone numbers) as well as your giving history to Cascia Hall Preparatory School. The cybercriminal could not access tuition, grades, class schedules, or other academic systems.
We are notifying you so that you can take immediate action to protect yourself. Ensuring the safety of your data is important to us. As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents.
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities.
Blackbaud has apologized for this incident and we also offer our apology and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact me at firstname.lastname@example.org
Chief Financial Officer