Blackbaud Security Incident

Last Updated July 24, 2020

The responses below are based on information provided by Blackbaud as of July 21, 2020.  Blackbaud’s public statement is available at 

What happened and when? 

Alpha USA was notified on July 16, 2020 by Blackbaud, one of our third-party service providers, that they discovered and stopped a ransomware attack on May 20, 2020. Blackbaud’s cybersecurity team along with independent forensics experts and law enforcement were successful in preventing the blocking of system access and the full encryption of files. In addition, Blackbaud informed us that a copy of a backup file containing personal data was also removed by the cybercriminal. This occurred at some point between February 7, 2020 and May 20, 2020. 


How is Alpha USA responding? 

Alpha USA takes the safety and security of your personal information very seriously. Since your data with Alpha USA was involved in the incident, we immediately began our own investigation. At this time, we have no indication that your data was misused or disseminated publicly. Keeping your donor data secure is a top priority, and we will notify you promptly if our investigation uncovers new information. 


Who can I contact if I have questions? 

Individuals are encouraged to call our Donor Development team at 1-224-588-8539 for assistance. A professional familiar with this incident will be available to answer questions and provide guidance on how to protect your personal information. 


Why was there a delay in notifying Alpha USA? 

Blackbaud prioritized defense efforts against the cybercriminal’s attempt to encrypt customer files, preventing them from blocking system access, and expelling them from the system. Making this first priority allowed Blackbaud to successfully defend against this attack. Next, Blackbaud began a thorough investigation. This involved partnering with independent forensics experts and law enforcement to investigate the cybercriminal, doing extensive research and analysis on the files to determine if any information had been corrupted or otherwise impacted, producing tools and resources for Blackbaud customers, and deploying measures to ensure this doesn’t happen again. 


What is a ransomware attack? 

Ransomware is a type of information security attack through which a cybercriminal prevents users from accessing their system or personal files. The cybercriminal then demands a ransom payment for the user to regain access. 


Did Blackbaud pay the ransomware amount? If so, how much? 

Blackbaud used several measures to protect your data, including payment to the cybercriminal after assurance that they had destroyed the data. Blackbaud has found no reason to believe that any data was or will be made available publicly. As a precautionary measure, Blackbaud has hired outside experts to monitor the situation and they have found no evidence that any information was ever released. Blackbaud has not disclosed the ransom amount that was paid. 


What type of personal information was maintained on the backup file? 

We have determined that the backup file contained personal data such as contact information, history of giving, donor relationship with Alpha USA, and demographic data. In addition, Blackbaud has informed us that no credit card information, no bank account information, and no Social Security numbers were stolen. We have no indication at this time that your data was misused or disseminated publicly. 


Do you have any indication that my personal data has been compromised? 

No, we are not aware of any actual or attempted misuse of the data. As a precautionary measure, Blackbaud has hired outside experts to monitor the web and they have found no evidence that any information was ever released. 


What should I do if someone tries to steal my identity? 

At this time, Blackbaud is not aware of any Personally Identifiable Information that could lead to identity theft or fraud involved in this exposure (i.e., SSN, credit card information, bank account information, driver’s license numbers, passport information, passwords, etc.). However, we do suggest that you monitor your accounts and be vigilant for phishing attacks attempting to solicit information from you. 



Skip to content