September 3, 2020
The Sisters of St. Francis Foundation utilizes the services of Blackbaud, one of the world’s largest providers of financial and fundraising technology to nonprofits. Blackbaud hosts our database of donors and supporters. We were notified on July 16, 2020, that a backup of our database was included in a sophisticated data breach at Blackbaud that occurred between February and May 2020.
The foundation does not gather bank account information or Social Security numbers. The foundation only receives the last four digits of credit card information from our card processing company and that data field is securely encrypted in the Blackbaud system. Names of supporters, addresses, demographic information, and relationship with the congregation could have been accessed. We value transparency to our supporters and therefore provide this notice to you.
Blackbaud states that they successfully prevented the cybercriminal from blocking the system and received confirmation that the copy removed had been destroyed. Further, they identified the vulnerability associated with the incident and took action to fix it. Based on the nature of the incident, Blackbaud’s research, and third-party (including law enforcement) investigation, they state they have no reason to believe that any data went beyond the cybercriminals, was or will be misused, or will be disseminated or otherwise made public.
The lapse of time prior to July 16 was due to Blackbaud’s ongoing investigation. The time we took since then to inform you of the incident was to ensure that we properly understood the situation, to determine what data was impacted, what disclosure was required to comply fully with state regulations, and to confirm with Blackbaud that proper steps were being taken to ensure greater protection going forward. In addition, we engaged an attorney who specializes in cyber security law to review Blackbaud’s investigation. The attorney concluded that the data exposed did not include any information that could identify the Personally Identifiable Information (PII) of our donors as defined by state statutes.
The Sisters of St. Francis of Philadelphia and the Sisters of St. Francis Foundation value and honor the privacy of our donor information. We deeply regret this occurrence and any concern that it may cause our supporters. We are in continued conversation with Blackbaud to assure ongoing protection of stored data. If you have any questions about this announcement, please feel free to contact me at (610) 558-7713.
What can you do to ensure you are protected? Although nothing is required, as a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement agencies. Moreover, if you believe it prudent to reach out to credit reporting agencies or your financial institutions, we encourage you to do so.
Please know that the sisters keep you and your loved ones in our prayers.
Blessings of peace and all good,
Sr. Deborah Krist
Director of Mission Advancement