The Mariners’ Museum and Park was recently notified by our third-party database provider, Blackbaud, that they were subject to a recent ransomware attack. After discovering the attack in May 2020, Blackbaud’s Cyber Security team worked with independent forensics experts and law enforcement to successfully stop the ransomware attack.
Although a copy of our database backup was part of this incident, the file the cybercriminal removed a copy of did not contain any sensitive information like credit card numbers. Access to our files was limited to a section of our database that contained names, contact information, and donation dates and amounts. The Museum does not collect or store social security numbers, identification numbers, banking information, or any personal information as defined by Virginia Code § 18.2-186.6(B).
Once again, any credit card information that you may have shared with us by mail, phone or on our giving page to process your generous donations and/or memberships was not affected during this ransomware cyberattack.
Because protecting customers’ data is Blackbaud’s top priority, they paid the cybercriminal’s demand with confirmation that the copy the criminal removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, Blackbaud has no reason to believe that any data went beyond the cybercriminal, was or will be misused or disseminated. You can read more about Blackbaud’s Cyber Security practices and next steps following this incident here.
If you have any questions or concerns, please feel free to contact Luisa A. Vázquez-López, director of individual philanthropy at lvazquez@MarinersMuseum.org or (757) 591-7705.
Because we are committed to protecting all of the information that you share with us, we felt it best to be transparent and tell you about this incident. We sincerely regret any inconvenience or concern caused by this incident. We will continue to stay vigilant and monitor Blackbaud’s response to ensure the continued safety of our data and the privacy of our constituents.