icon-cheveron-left Back

Information Security Notice

icon-cheveron-left Back

To our community:

We want to let you know of a data security incident that was recently brought to our attention. On July 16, 2020, The Bowery Mission (including New York City Rescue Mission and Goodwill Rescue Mission) was notified by a third party vendor, Blackbaud, of a recent cybersecurity incident. The Bowery Mission utilizes Blackbaud to provide cloud-based data management services for our donor and financial databases. Blackbaud’s email notification indicated that Blackbaud had discovered and stopped a ransomware attack. Blackbaud stated that it worked with independent forensics experts and law enforcement officials to expel the cybercriminals from its system. The Bowery Mission was affected by this incident because it appears that a copy of a subset of our data was removed from Blackbaud’s system. 

The security of your personal information is of paramount importance to us, and we take this matter extremely seriously. As soon as Blackbaud notified us of this incident on July 16, 2020, we immediately began working with our data privacy attorney to fully investigate and comprehend the full scope of this incident. The investigation is ongoing, but in the interest of full transparency we wanted to make you aware of this incident as soon as possible. Many other organizations that work with Blackbaud were also affected, including colleges and universities, international charities, and small local nonprofits. It is our understanding that these organizations are also investigating. 

Blackbaud has informed us that the cybercriminal did not access Bowery Mission usernames, passwords, credit card information, bank account information, or social security numbers and that much of the information was encrypted. Although Blackbaud has informed us that it has no reason to believe that any data will be made publicly available, The Bowery Mission is vigorously investigating to fully determine the scope of this incident, out of an abundance of caution. Should we determine that personal information was acquired by the cybercriminal, we will promptly notify any individuals whose personal information was involved. 

We are thankful for your continued support. Should you have any questions or concerns, please do not hesitate to email datasecurity@bowery.org

Sincerely,

James Winans, CEO