Newark Public Library sent a letter to donors and supporters yesterday, informing them that one of their vendors, Blackbaud – a data management firm for nonprofits and educational institutions, recently notified the library of a security breach.
Blackbaud was the target of a ransomware attack in early 2020. This breach did not include access to any credit card information, bank account information, or social security numbers.
Blackbaud determined that the file may have contained demographic information including customer and donor names, physical and email addresses, telephone numbers, and giving history.
Blackbaud informed Newark Public Library that the company paid the cybercriminal’s ransom and received confirmation that the stolen data had been destroyed.
Based on its internal research, law enforcement and other third-party investigation, and the nature of the incident, Blackbaud concluded that no data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
Although Newark Public Library currently has no reason to believe that personal information will be misused, they encourage patrons and supporters to remain vigilant and promptly report any suspicious activity or suspected identity theft to the library, to Blackbaud, and to the proper law enforcement authorities.