Blackbaud Data Incident

The Boy Scouts of America values its relationships with members, alumni and donors and the faith they put in the BSA, and we are continuing our efforts to make sure our community is aware of a data security incident involving Blackbaud, one of the Boy Scouts of America’s third-party service providers, and one of the world’s largest providers of customer relationship management software.

Blackbaud representatives notified the BSA on July 16, 2020, that Blackbaud had been the target of a ransomware attack. Blackbaud reported that the data security incident started on February 7, 2020 and possibly continued intermittently until May 20, 2020. The BSA was one of numerous organizations that were impacted.

According to Blackbaud, the attack was successfully stopped, and the cybercriminals were expelled from its systems. However, Blackbaud informed the BSA that the cybercriminals removed a copy of a backup file that it stored as part of its ordinary course of operations. That file may have contained a limited amount of some information about individuals affiliated with the BSA, including names, contact information, dates of birth, limited demographic data and a history of their relationship with the BSA.

Blackbaud advised the BSA that, based on the nature of the incident, their research, and law enforcement’s investigation, the stolen data has been destroyed and there is no reason to believe any data went beyond the cybercriminals, was or will be misused, or will be disseminated or otherwise made available publicly.

Nevertheless, out of an abundance of caution, the BSA reminds you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

  • Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
  • Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
  • TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800

Please know that the BSA takes the security of your information very seriously and shares your concern about this incident. Blackbaud has already implemented changes to its security controls to better protect against a potential future attack, and the BSA is working with Blackbaud and other resources to assess the best path forward.

While the BSA was not the target of this attack, nor was it the only organization affected, it is taking time to learn from this third-party incident and to review its own security practices and system configurations to better protect your information. Individuals with questions can contact our Blackbaud Response Center at IT@scouting.org.

Thank you for your continued support of Scouting.