Blackbaud breach – Executive Options in light of Reports to OPC & ICO

Three Executive Actions to help mitigate further risk

If your company leverages Blackbaud CRM – this article will provide you of three actions that will help mitigate risk.

Blackbaud a reputable company that offers a customer relationship management system has been hit and paid off ransomware. According to G2, Blackbaud CRM is a cloud fundraising and relationship management solution built on Microsoft Azure specifically for enterprise-level fundraising and marketing needs. The company released an official statement on their website available here

As a client, whether you have been notified or not of the breach, your organization has a opportunity to follow breach mitigation and notification protocols

Blackbaud has already notified its clients which data was breached, that said, regardless if you have received the notice or not you have been affected. These are three actions that will ensure that you limit your liability:

1- Request Contract Review and Third Party Review: Review the service contract with Blackbaud and any other third party managing your Razors Edge systems to ensure that it includes notification and risk assessment clauses.

2- Seek a confirmation from Blackbaud: Request a confirmation that ascertains whether donor data or any other identity credentials have been compromised.

3- Post a statement: If your aggregate data or credentials have been compromised, follow your internal breach notifications protocol.

In all cases, your information security or IT department should follow breach mitigation protocols, including but not limited to password reset, enabling two-factor authentication for administrators, and enabling off-cloud backup.

Since the publication of this article, the Office of the Privacy Commissioner of Canada and the Information Commissioner’s Office of the United Kingdom have received notices of the breach.

Visit for more articles on Privacy, Security, and Social Media Analytics.