Overview: A laptop containing customer data was stolen from a Blackbaud employee’s car nine months ago. The laptop and file were password protected, and the financial data was encrypted. No known data breach has occurred. This incident was handled in accordance with best practices with the timely notification of the customer and the extension of notification and free credit monitoring services.
In September, 2008, following the report by an employee of the theft of a company laptop, Blackbaud initiated its procedures for determining if customer data might have been placed at risk due to this theft. When Blackbaud had verified that the security of customer data could have been compromised, the company notified the customer involved, The University of North Dakota Foundation and Alumni Association, and worked with the organization to rectify the situation.
The theft, which occurred in Charleston, South Carolina, involved a laptop which was password-protected and the customer data files were also password-protected. Furthermore, the financial data and social security numbers in the files were encrypted.
Marc Chardon, president and chief executive officer of Blackbaud said, “No matter how well-designed and implemented our security procedures are – including levels of password protection and data encryption – in the case of the physical theft of a computer we presume that the security of customer data has been compromised and move immediately to do everything we can to help our customers notify the people whose names and personal information are on those files.”
Jake Marcinko, manager of information security and monitoring at Blackbaud said, “Once we determined that customer data might have been placed at risk, we informed the affected customer immediately, and worked with them to make sure that the people in those files have been notified and are being assisted in taking the steps necessary to monitor their credit information. This will help them protect themselves if, in fact, a breach in the security of their information takes place. At this time, no known breach of information has occurred.”