View web version
 
     
 
 

Dear Friend,

At the Lymphoma Research Foundation, we value your continued support and respect your privacy, which is why we are writing to inform you of a data security incident involving one of our third-party service providers, Blackbaud, that may have involved your personal information. Please know that we take the protection and proper use of your information very seriously.

Blackbaud is a leading cloud-based data management service provider that works with nonprofit organizations and universities. Blackbaud-hosted databases manage our data, and we, among a significant number of other non-profit and higher education organizations, have been impacted by its data security incident.

What happened?
We were recently notified by Blackbaud of a security incident that occurred between February 7, and May 20, 2020. Blackbaud discovered and, with the help of forensics experts and law enforcement agencies, stopped a ransomware attack. Unfortunately, the cybercriminal removed a copy of the backup files of many of Blackbaud’s customers, including our backup file that may have contained your personal information.

What information was involved?
Based on our investigation, the information contained in the backup file may have included your contact information and a history of your relationship with us, including, your donation history (the “Information”).

What Blackbaud has done.
Blackbaud has explained that it paid the cybercriminal’s demand and has third-party confirmation that the copy of the backup file was destroyed. Blackbaud has informed us that they have identified the vulnerability, taken action to fix it, and already implemented changes that will protect their systems and our information from any subsequent incidents.

What we are doing.
When Blackbaud notified us about its security incident, we immediately began a full investigation. Ensuring the safety of our constituents’ data is of the utmost importance to us, and we are deeply upset by this incident. As of the date of this letter, we do not have evidence, and we have no reason to believe, that the criminals who received the information have misused it; but, we cannot determine with certainty that the Information will not be misused. For this reason, we are advising you of this incident as a precaution so that you can remain vigilant.

Moving forward, we will migrate our data to a different service provider if we are not confident that Blackbaud has taken sufficient measures to ensure that this type of security incident cannot happen again.

What you can do.
We encourage you to remain vigilant twenty-four months for any strange inquiries. We will never contact you to request your banking or credit card information or to provide you with our banking information, so please call us at (212) 349-2910 if you receive any unusual communications from anyone claiming to be us.

For more information.
We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and the protections available to you, please do not hesitate to contact us.

Sincerely,
Lymphoma Research Foundation

  
powered by Blackbaud
nonprofit software