On July 16, 2020, Carnegie Library of Pittsburgh (CLP) received notification from Blackbaud, a third-party cloud-hosting provider utilized by CLP, of a cyber incident experienced by Blackbaud. Blackbaud provides donor and financial software to CLP. According to Blackbaud’s notification, Blackbaud discovered and stopped a ransomware attack in May of 2020. While Blackbaud prevented full encryption and removed the threat actors from their environment, Blackbaud discovered that certain information was copied by the threat actors. Blackbaud emphasized that the copied data did not include credit card information and any bank account information, username and passwords, and social security numbers. These pieces of information were secured using data encryption.
What information was believed to be compromised?
Blackbaud has not provided specific information regarding what data may have been impacted. CLP stores demographic information such as names, addresses, phone numbers, emails and gift information as well as vendor information. However, Blackbaud did note that credit card information was not impacted and any bank account information, username and passwords, and social security numbers that could have been impacted were secured using encryption. We are diligently working to obtain additional information from Blackbaud.
It is important to note that there is no evidence to suggest that any personally identifiable information has been misused. Additionally, there is no indication that any associated information is being bought or sold on the internet.
Am I affected?
As Blackbaud has not provided specific data on what information may have been impacted, CLP is unaware of what individuals, if any, have been impacted. We are working to obtain additional information from Blackbaud to further investigate this matter. Because we value our relationship with our donors and vendors, we felt it was best to notify you of the breach.
Does this mean that I (or impacted individuals) will become a victim of Identity Theft?
At this time, we have no information to indicate that any information has been or will be misused. However, we recommend regularly reviewing and monitoring all of your account statements and credit history to guard against any unauthorized transactions or activity. Blackbaud assures us that social security numbers, credit card numbers and bank account information, if stored by Blackbaud, is stored in an encrypted state. We are working diligently to obtain additional information from Blackbaud to further investigate this matter.
Will CLP or Blackbaud be providing notification to impacted individuals?
We value your trust in us to safeguard your personal information. In an effort to be as transparent as possible, we have provided notification of the incident to our individual donors via email on July 31, 2020. In addition, a printed letter will be mailed to all donors and organizations in our databases. Should we determine that your sensitive information may have been subject to unauthorized access, we will notify you directly.
Are impacted individuals being provided any protection, such as credit monitoring?
Blackbaud has not provided any indication whether they will be providing credit monitoring services. Notably, Blackbaud has indicated that sensitive information, such as social security numbers and banking information, were not impacted as they were secured using encryption technology. However, if you are concerned about identity theft, please contact us to discuss this further.
When did CLP become aware of this?
CLP learned of this incident on July 16, 2020 when Blackbaud provided notification of the incident. We immediately began working to obtain additional information from Blackbaud.
Who is responsible for this?
Blackbaud is solely responsible for the security and maintenance of the impacted data.
Should I close my Financial Accounts that may have been affected by this event?
This is a personal judgment call for which we cannot advise you on. Notably, Blackbaud assured us that any banking information would have been stored in an encrypted state and therefore inaccessible by any unauthorized individuals.
Does this have any impact on my library card or borrowing usage?
No. That information is stored in a different secure database not provided by Blackbaud.
I have more questions. Who can I contact?
Please contact our staff in the Office of External and Government Relations at 412.622.6276 or firstname.lastname@example.org.