This notice was sent via email to all accounts for which ACLT has an email address and via US postal service to all other accounts.
The information below relates to a data security incident involving Blackbaud, Inc., a service provider used by the American Chestnut Land Trust (ACLT). We take our data protection responsibilities very seriously and want to keep you informed, although at this time, we believe there is no threat to disclosure of your personal information.
In late July, we were contacted by Blackbaud, one of the world’s largest providers of donor relationship management systems for non-profit organizations. We were informed that one of Blackbaud’s service providers had been the victim of a ransomware attack that culminated in May 2020. Immediately following the discovery of the attack, a detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts.
ACLT data accessed by the cybercriminal in the Blackbaud database did not contain any credit card information. Further, the cybercriminal did not gain access to bank account information because it is encrypted. ACLT does not store usernames, passwords, or social security numbers, so none of this type of data was accessed. We do retain donor information that enables us to communicate effectively with you. None of our data was lost or corrupted as a result of this incident.
Blackbaud assured us that in order to protect donor data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that the data was destroyed, based on findings from cybercriminal and third-party experts. Blackbaud continues to monitor online activity in an effort to verify the data accessed by the cybercriminal has not been misused.
You can learn more about the breach from Blackbaud here:
If you have any questions or concerns, please call our office at (410) 414-3400 or email gbowen@acltweb.org