Memorial Sloan Kettering Cancer Center (MSK) was recently notified of a data security incident by Blackbaud, a third-party vendor and provider of fundraising software used by MSK’s Office of Development. This incident at Blackbaud affected hundreds of nonprofits and higher education institutions around the world, including MSK.
Please note: This incident does not involve credit card, bank account or social security number information. The notice below provides you information about the incident and MSK’s response.
On July 16, 2020, MSK was notified of a cyber security incident on the computer network of our vendor, Blackbaud. Blackbaud provides software and other services used in MSK’s fundraising efforts. Blackbaud detected the ransomware activity on their computer network on May 14, 2020. Since Blackbaud maintained some clients’ data on their network, they notified the affected clients, including MSK, that the cyber-attacker was able to copy certain client data files maintained on their network. More information about the incident is available on Blackbaud’s website at www.blackbaud.com/securityincident.
As soon as MSK was notified of the incident, we took immediate action to investigate the situation. For MSK, the file that was copied included the names of some MSK donors or potential donors and a limited amount of demographic information, including mailing address, email address and telephone number. For some individuals, a date of birth was included. In some cases, if an individual was a patient at MSK, that was noted as well. The file also included certain fundraising data obtained from publicly available sources. We have confirmed that no credit card, social security numbers or bank account information was included in the MSK file affected by this incident. MSK continues its follow-up with Blackbaud to determine what additional security measures Blackbaud is implementing in response to this incident.
Given the data elements involved in the incident, we do not believe there are any steps members of our donor community need to take to protect their information. MSK provided written or email notification to individuals whose information was affected by this incident. This posting serves as a further notification in the event the written notification does not reach all affected individuals. MSK has engaged an incident response firm, ID Experts®, to assist with any questions you may have about this incident. For further information, please call ID Experts at 1-833-755-1025.
We sincerely regret any concern this incident may cause for any member of our donor community. We take information security very seriously and will continue to take all appropriate action with respect to this incident. We appreciate your partnership, understanding and support.
Senior Vice President and Chief Development Officer