The New England Center and Home for Veterans was recently notified of a data incident that affected a large number of not-for-profit organizations. First and foremost; it is important to note that as a matter of policy, the NECHV does not collect or store sensitive information such as social security numbers, date of birth, banking or credit card information. Therefore, this information about the NECHV’s supporters was NOT included in this incident.
The NECHV, like more than 25,000 other charities, contracts with the industry’s leading software provider for technical support in fundraising. We learned from our contractor in early August that the company had experienced a ransomware cyberattack, and that the NECHV was among the affected customers. The contractor alerted us to the fact that the cybercriminals may have copied or removed some of our stored donor files, including contact information, demographics and donation history. Again, it is important to note that since the NECHV does not collect or store social security numbers, date of birth, or banking or credit card information; the attack does not represent identify theft, or an appreciable increase in that risk to our donors.
The contractor reports that they paid a ransom for the data to be destroyed and that it was reported by the attackers to be complied with. They further reported working with law enforcement, independent data forensic experts and their internal data team, to stop and ultimately forestall the remainder of the attack. They did not notify their customers of the incident until their full investigation was complete.
The NECHV has always been acutely aware of and focused on the safety and security of any information belonging to its valuable and generous supporters. The contractor has reported to us, and to all its customers, that it has taken additional measures to ensure the prevention of a similar attack in the future, and that they have instituted additional changes to protect data and harden their product to other types of vulnerabilities. We will continue to monitor the company’s activities in this regard, as the integrity of our relationship with our community supporters remains our top priority.
If you have any questions or concerns on this matter, please feel free to contact us at firstname.lastname@example.org and a qualified staff member will respond to you promptly