Statement on data breach at Blackbaud, Inc., a Human Rights First vendor

On July 16, 2020, Human Rights First was informed that Blackbaud, Inc., one of the largest providers of donor management software for the not-for-profit sector and a vendor used by Human Rights First, had been the victim of a ransomware attack in May 2020.

Blackbaud ultimately expelled the attacker from their systems but, prior to being locked out, the attacker was able to remove a copy of a backup file that contained some information about Blackbaud’s clients.

Human Rights First was one of many Blackbaud clients informed that some of our donor and prospective donor data was impacted. We are now working with Blackbaud to determine what donor or prospective donor data may have been compromised.

Blackbaud representatives informed Human Rights First that a forensic investigation was undertaken by law enforcement and third-party cybersecurity experts. Blackbaud confirmed that the investigation found that no encrypted information, such as credit or debit card information, bank account information, usernames, or passwords, were accessed or acquired by the attacker.

Based on the nature of the incident, their research, and the third-party investigation, Blackbaud has stated that they have no reason to believe that any data went beyond the cybercriminal, was or will be misused, will be disseminated, or will otherwise made available publicly.

In addition, Blackbaud provided information to Human Rights First on how they addressed the incident and security improvements they have implemented to prevent future incidents.

Human Rights First takes data protection very seriously; we are committed to working with our vendors to safeguard all of our donor’s personal data.

For information about this incident and Blackbaud’s response to it, please visit their website at blackbaud.com/securityincident.