The Paso del Norte Community Foundation was recently notified by Blackbaud, Inc. of a security incident.  Blackbaud is our third-party data base provider and one of the largest software providers for philanthropy including higher education, healthcare, nonprofit organizations and foundations.

What happened
Blackbaud notified us on July 16th that they were the victim of a ransomware attack in May of this year.  Blackbaud worked with security experts and law enforcement to respond to the threat. According to Blackbaud, they agreed to pay the cyber criminals to delete the information and are closely monitoring to verify that no data was misused. 

What information was involved?
We are not aware of any instances of fraudulent activity in connection to our data.  The data potentially accessed may have included personal contact information like names, titles, phone numbers, email addresses and donation history. The Foundation does not maintain personal information such as Social Security numbers, bank account, credit or debit information with Blackbaud. 

Steps Blackbaud has taken in response
Blackbaud agreed to pay the cybercriminals to delete the information. Blackbaud has undergone a thorough investigation, with the assistance of law enforcement, confirming that no encrypted information was accessible in the attack. Blackbaud is closely monitoring the Internet to verify that no data has been misused. 

What we are doing

• We are notifying affected donors to make them aware of this breach of Blackbaud’s systems so they can remain vigilant;
• We are working with Blackbaud to understand what actions Blackbaud is taking to increase its security;
• We are continuing to monitor the situation with Blackbaud and our IT providers and will continue to review and update all of our data and security policies and procedures.

What you can do
We are not aware of any instances of fraudulent activity connected to the Foundation’s data. However, out of an abundance of caution, we encourage you to monitor your online and financial activity and report anything suspicious.  

For your convenience, the contact information for these credit agencies is below:

• Equifax:  https://www.equifax.com/personal/credit-report-services/ 800-685-1111
• Experian:  https://www.experian.com/help/888-397-3742
• Transunion: https://www.transunion.com/credit-help888-909-8872

For more information
Blackbaud has issued a statement on their website regarding this incident. You can visit their site for more information. https://www.blackbaud.com/securityincident.

We take cyber-threats very seriously.  If you have questions regarding the Foundation’s data related to this incident, please contact Mica Short, Vice President for Development, at mshort@pdnfoundation.org or 915-218-2644.