Does anyone receive email notification about NXT attack? - urgent

Hi folks does anyone receive the notice

https://www.blackbaud.ca/newsroom/article/2020/07/16/learn-more-about-the-ransomware-attack-we-recently-stopped


Which hosted environment got attacked?


Incident call needs to wait for 90 mins.

Comments

  • Hi Catherine,


    Yes, we received the notification too and connected with our account manager today. Happy to chat if needed! 
  • Hello,


    You will receive an email letting you know which of your products has been hacked. Then there are resources to help on what to do next.
    https://host.nxt.blackbaud.com/incident-resources/?svcid=support&leid=p-t2Q4JFYK1UOEqHr9GOFUGA

     
  • Thanks for everyone's responses. Our hosted environment is safe. Have a great weekend!
  • Totally agree with you on this. I know what wasn't compromised but what WAS compromised? 
  • Yes.

    Does anyone know from a GDPR perspective if this breach is notifiable to the ICO?


    Morally I feel we're obliged to inform our data subjects but I need to establish the legal position


    Like others in the group I really need to know the EXACT nature of the data taken - 'Backup data' is a broad brush.


    Thoughts?



     
  • This was us last Thursday...2 hours to speak to someone at the number provided and then we got disconnected (we were able to speak with someone later though).  We have also reached out to Customer Success via email, online chat support, and our Account Executive.  All answers received so far have been a repeat of the original email Blackbaud sent last week.  What keeps getting mentioned is to look at the fields in our product database to see what is not encrypted.  Searching the knowledgebase (per the instructions we received) for more information about this has been futile.  Contacting support wasn't any better as they are not able to provide a list of fields in our database.  It has been very, very frustrating.  Anyone else experience this?
  • Agreed.


    I am running into the same thing. It's incredibly frustrating. 
  • I posted this on a couple other threads that are having this same discussion:


    Update:  Our Account Executive sent a link this morning to this knowledgebase article that gives a complete list of encrypted fields:

    https://kb.blackbaud.com/articles/Article/47633?_ga=2.183084207.844473688.1595265186-352945951.1568134668


    Fields not on the above list are not encrypted and were part of the data breach.


    Customer Support also contacted me this morning and told me the best way to get lists of our fields:


    Go to Configuration and select Fields

    Select the category you want to see the fields for (Action, Constituent, etc.)

    Right-click anywhere on the open white space to the right of the fields listed to Export to Excel.


    This has been posted by Duane Waite as well on one of the threads.  (I hope I am giving credit to the correct person!)  


    Thank you everyone for all your comments and advice!
  • Attending the CIO-led webinar today. Hope to get more answers.
  • Xerxes Eclipse, can you share viewing information on this webinar?
  • Katrina Freeburg:
    Xerxes Eclipse, can you share viewing information on this webinar?

    The next webcast is scheduled for Thursday, July 23 at 10am ET. You can get the links to register/access from the Resources for Involved Customers page. There is also a webcast from Ted Claypoole of Womble Bond Dickson, which Blackbaud have retained regarding the incident, where he talks about some of the data breach disclosure laws that may be applicable. It's on demand and probably useful to watch if you don't have a legal department in your organization.

  • Thank you Bill Connors for the information.  I tried the link but it goes to Facebook asking if I want to follow the link.  I chose not to.  Do you have a different link to the information? 



     
  • Hmm, sorry, they work for me.  But here they are directly:

    https://www.blackbaud.com/docs/default-source/how-to-documentation/raisers-edge-how-to/raisers-edge-user-guides-administration/import.pdf

    https://kb.blackbaud.com/articles/Article/47633


    Also, Stacey, I just edited my earlier post, so please see the edit as well.
  • Thank you Bill Connors!
  • We were told that ResearchPoint data was also compromised. I see the great information about RE, but has anyone been able to pull out any information about RP and what fields are part of the breach and have been compromised in that system?
  • Thank you, Bill Connors for the resources and to everyone who shared information on this thread!
  • Elizabeth Johnson
    Hi, Tiffanie Duncan, we are assuming it was all fields within ResearchPoint that were compromised. I can't speak to attachments and media as we don't store those in ResearchPoint so I wasn't paying attention to that personally. But if you had strategic notes (again we didn't store there) those would have been captured.


    The fields that concern me the most are birthdates (we did not store SSN, CC, or Bank Info), asset information, name and address information, board affiliations, giving history to our organizations, and to others.


    While birthdates alone can't do much with a name and address they can be sold to other criminals and then combined with other information stolen from other sources and profiles are then built and sold. 


    How each organization uses ResearchPoint (or RE) varies greatly. Some organizations use it as their main database, some even have health information in it. It doesn't matter how long ago the information was updated or researched. We haven't used ResearchPoint since last summer so we are confident that our data looks exactly the same today as it did back in January before this happened.


    I hope this information is helpful. 

  • Initially, only affected organizations were contacted.  While the non-encrypted data was obtained, Blackbaud believes that it was NOT distributed past the initial breach.  Nothing is a 100% guarantee, but I don't believe the data was distributed past the first stage of compromise.  Hence, your constituents' data should not be on the dark web, etc. for sale or distribution.
  • We are preparing our messaging to send to constituents.  We will be emailing a notification to those constituents with an email address and mailing a letter to those without.  I'm curious as to what other organizations are doing.  Are you notifying constituents via both email and mailed letter?
  • Stacey - like many organizations, we issued what we consider to be a voluntary notification via email. Our campus had a cyber insurance policy so we are working with an approved data security incident firm to determine what, if any, other forms of notification need to be sent. In consultation with our registrar and financial aid office, we determined that we should alert the Department of Education although they are undoubtedly already aware of this incident. Still muddling through the GDPR notification issue.


    If you just search on "blackbaud data security incident" you will find examples of messaging other organizations have sent. Most appear to follow the recommended messaging that was issued by Blackbaud. I have gotten two notifications from organizations I've donated to in the past but am aware of at least one other organization that has not issued any notification as of yet.


    Kim
