June 14, 2021
Operation Eyesight was informed that a May 2020 cybersecurity incident at Blackbaud, one of the world’s largest providers of fundraising and financial management software, has impacted the personal data of some of our supporters. Operation Eyesight was a client of Blackbaud until September 2018 and was not immediately made aware that its data was impacted.
After learning of the incident, we launched our own investigation to determine the scope and to identify the potential risks to the subset of donors and volunteers that may have engaged with Operation Eyesight, and we are now directly contacting all affected individuals. New donors who made their first donation after September 2018 were not affected.
Blackbaud has indicated that investigations by law enforcement and external IT forensics experts have not found any evidence of data being shared, misused or made public. We are posting this on our website out of an abundance of caution to ensure all of our stakeholders are aware of the situation.
We take the confidentiality of all information pertaining to our community of donors, volunteers and supporters seriously and regret the inconvenience this situation may cause anyone. We continually take steps to strengthen our data security measures and we would like to thank our supporters for your ongoing support and trust.
What information was involved?
Blackbaud informed us that a backup file of our database was copied and removed during the incident. We have reviewed this backup file and determined that personal information of some of our donors, volunteers and supporters was included in the breach. The personal information included the following information (if it had been provided to us): name, address, date of birth and banking information or last four digits of a credit card number, donation history, marital status, spouse’s name, emergency contact information, gender, birthplace, ethnicity and religion.
Blackbaud has advised us that usernames, passwords and financial information, including banking or credit card information, was encrypted and therefore not accessible to the hackers. In addition, Operation Eyesight does not store full credit card numbers in its database.
What is Operation Eyesight doing?
We are directly notifying any stakeholder or supporter who should be notified directly. In addition, we have taken the following steps:
What can I do to protect my information?
It is important to remain vigilant for scams. This could come in the form of a “phishing” attack, in which someone uses a deceptive message to get you to click a link or provide personal information. Please note that we will never ask for your password information or log in credentials.
You should also monitor your financial accounts, create strong passwords for any online accounts and be cautious of any unsolicited communications.
The protection of your information is critically important to us. We value the trust our supporters place in us, and we sincerely regret any concern this has caused. If you have any questions, please do not hesitate to contact our dedicated call centre at 1-855-537-2072.
Additional tips and resources for protecting your identity are available at https://www.priv.gc.ca/en/privacy-topics/identities/identity-theft/guide_idt/.
For media inquiries:
Director, Marketing & Communications
Email: rodene [at] operationeyesight.com