Public Broadcasting Atlanta (PBA) has learned that our previous fundraising software provider Blackbaud experienced a breach of its data security. Blackbaud is a software consulting firm utilized by more than 45,000 nonprofit organizations, foundations, universities, health care entities and other organizations worldwide. Blackbaud recently informed PBA about the data security incident, which occurred during February 2020. A detailed explanation of the data security incident may be found on Blackbaud’s website.
Blackbaud informed PBA that certain PBA membership data was part of the breach. The affected data involved certain generally available information, such as names, addresses, phone numbers, email addresses, and birthdays. However, more identity sensitive information, such as credit card information, bank account information, usernames, passwords, or social security numbers were not involved in the breaches. Also, as referenced above, Blackbaud is no longer a PBA software provider. As a result of this change, any individual who made a first contribution to PBA after September 1, 2019 would not have had any of their information accessed.
Blackbaud states that, based upon its actions in coordination with law enforcement authorities, there is no reason to believe that the data which was affected extended beyond the cybercriminal or has been disseminated publicly or otherwise misused. Blackbaud is working with a team of experts to monitor for any such activity.
PBA takes this incident seriously and is working consistently with our current fundraising software provider to ensure such provider is providing the highest level of data security protection and the necessary actions to protect your data from cybersecurity attacks. PBA is also seeking additional information from Blackbaud on an ongoing basis regarding this incident. Should PBA obtain additional information regarding this incident from Blackbaud, PBA will post this information on our website. If we learn that any of our members’ data has been impacted beyond what we know now, we will immediately notify those individuals.
Your personal data is of the utmost concern to PBA. We deeply regret that this incident has occurred. If you have any questions or for consumer support resources, please see our FAQs below or contact PBA member services at firstname.lastname@example.org or (404) 733-1330.
Frequently Asked Questions
How do I know whether my data was affected?
Most current and past donors to ATL PBA and WABE were included in the file that was impacted. Our understanding from Blackbaud, based upon their work with law enforcement and experts, is that the affected data was destroyed. However, we are working through legal channels to try to learn more.
If your first gift to WABE or ATL PBA occurred on September 1, 2019 or later, your data was not affected, since your data was never entered into our Blackbaud records.
What type of information was impacted by this incident?
According to the notification Blackbaud provided to PBA, the data involved in this incident included certain personal data, such as names, addresses, phone numbers, emails, and spousal information, but not credit card or EFT information, social security numbers, or passwords. PBA believes, based on Blackbaud’s representations, that measures have been taken to protect member information involved in the incident and that it is not being distributed or misused.
Where can I go to get more information about personal data security?
The Federal Trade Commission website provides options about how to help keep your personal information secure or how to seek help if you feel you may have been the victim of identity theft. You can also find resources at the Office of the Georgia Attorney General.
Is this part of the larger Blackbaud breach I have read about in the news?
Likely, yes. Unfortunately, this incident has affected hundreds of organizations worldwide, including many nonprofit organizations. We are focused now on working with our station attorney to obtain more information from Blackbaud and to keep our entire membership up-to-date as we learn more.
What is PBA doing now to protect member data?
We are no longer working with Blackbaud. We now have a different database provider, and we have communicated with this service provider to ensure that all appropriate defenses are in place to fully protect PBA member data.
I have other questions that are not answered here, where can I go for answers?
If you have additional inquiries, you may contact PBA Member Services at email@example.com or (404) 733-1330.