Notice of Data Breach
July 31, 2020
We were recently notified by one of our third-party service providers, Blackbaud – one of the world’s largest customer relationship management providers – that they have experienced a ransomware attack that impacted many of its clients around the world, including our Foundation. At this time, we understand Blackbaud discovered and stopped the ransomware attack. A full description of the incident from Blackbaud can be found here.
What Information Was Involved
St. Boniface Hospital Foundation uses Blackbaud products to manage donor information. The Foundation’s Blackbaud database does not include donor banking, credit card information or social insurance numbers. The cyberattack on Blackbaud systems resulted in a breach of some personal information which may include: your name, date of birth, contact information (address, phone number and in some cases, e-mail address), and information about your past donations to the Foundation.
Blackbaud was able to retrieve all the data that was compromised. Based on the nature of the incident, Blackbaud’s research, and law enforcement investigation, they have told us they have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. In order to further mitigate risks, Blackbaud has hired a forensic firm to monitor the Internet and dark web for any signs of the breached data.
What We Are Doing
St. Boniface Hospital Foundation takes all breaches of privacy and confidentiality seriously. Since learning of this incident, we have taken the following steps to protect our donors and other stakeholders:
- We are providing this notice so that you are aware of the incident, and so that you can take steps to monitor any communications you may receive from unknown third parties.
- We are working with Blackbaud to understand why this data breach happened, and what actions they have taken to strengthen their cybersecurity.
- We are reviewing our own internal policies to ensure that we take all steps to keep donor data secure.
For More Information
There is no action required on your part. Should you have any further questions or concerns regarding this matter, please contact the Foundation by email at email@example.com or by calling us at 204-237-2067.
We sincerely apologize for this incident and regret any inconvenience it may cause you.
As a charitable organization, St. Boniface Hospital Foundation must earn the trust of our donors and other community stakeholders. St. Boniface Hospital Foundation’s accreditation within Imagine Canada’s Standards Program independently validates our excellence and compliance with standards for Board governance, financial accountability and transparency, fundraising, and more.
St. Boniface Hospital Foundation adheres to the Canada Revenue Agency’s fundraising guidelines, including the requirement to file a T3010 Information Return, which discloses a charity’s financial information, expenditures, revenue, and compensation. Find our T3010 here.
Board members are volunteers – accomplished and respected community members who give their time, talents, and expertise to help guide the Foundation. Complying with our Board bylaws and best practice, Board members receive no remuneration, nor do they directly or indirectly benefit from serving on the board. Here is a statement of instances in the past 12 months when the Foundation paid for services or products of companies with direct links to a board member. In each instance, the board member remained at arm’s length, per St. Boniface Hospital Foundation’s Conflict-of-Interest Policy .
Protection for donors
St. Boniface Hospital Foundation takes any complaint seriously. We are committed to addressing complaints in a timely, consistent, transparent, and fair manner.
All charities incur operational expenses in pursuit of their mission. St. Boniface Hospital Foundation is no exception. As we raise funds for excellence in health care and research, we allocate a portion of gifts to support this effort – everything from printing and postage to office supplies and staff salaries.