On behalf of the Archdiocese of Oklahoma City, Catholic Charities of the Archdiocese of Oklahoma City, Oklahoma Catholic Radio, the Catholic Foundation of Oklahoma, and Bishop McGuinness Catholic High School, we are notifying you of a third-party security breach that affected charitable institutions around the world. What Happened We recently were notified by Blackbaud, a third-party database service provider, of a security incident that affected charitable institutions including the University of Oklahoma, Vatican Observatory, and us. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, Blackbaud’s cyber security team – together with independent forensics experts and law enforcement – successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed copies of backup files containing some personal information. This occurred at some point beginning February 7, 2020 with intermittent activity until May 20, 2020. What Information Was Involved It is important to note that the cybercriminal did not accessyour credit card information, bank account information or social security number. However, Blackbaud has determined that the files removed may have contained information regarding your name, giving history, address, phone number and e-mail address. Because protecting customer donor data is their top priority, Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly. What We Are Doing We are notifying you so you can take action to protect yourself. Ensuring the safety of our constituents’ data is of the utmost importance to us. As part of their ongoing efforts to help prevent this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents. First, Blackbaud’s teams quickly identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, they are accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms. What You Can Do As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities. Your continued support for Catholic ministries in the Archdiocese of Oklahoma City is greatly appreciated. We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter, please do not hesitate to contact me personally via email at [email protected] or phone at 405-709-2745. Peter L. de Keratry Executive Director of Stewardship & Development