Notice of Data Breach
The purpose of this page is to inform our donors about a situation that may have exposed some personal information that is stored in the Ventura College Foundation’s database.
The protection of your information is taken very seriously by the VC Foundation. Please know that this data breach wasn’t the result of the VC Foundation’s carelessness or neglect, but rather a cyber attack on our database vendor. As soon as we were alerted on July 16, 2020, our staff started taking action to learn more about this cyber attack so we could knowledgeably inform and explain the circumstances, the steps that have been taken in response, and the resources that are available to you.
On July 16, 2020, the Ventura College Foundation was informed by Blackbaud (one of the world’s largest providers of financial and fundraising technology to nonprofits) that it was hacked and that data from its clients throughout the world, including the VC Foundation, was held for ransom by cybercriminals. This was a very sophisticated ransomware attack that included database and donor management system back-up files for our Blackbaud Raisers Edge/NXT. The attack began on February 7, 2020, and the attackers could have been in the system intermittently until May 20, 2020.
In May 2020, Blackbaud discovered and stopped this ransomware attack. According to Blackbaud, the criminals did not have access to encrypted credit card information, bank account information, usernames, passwords, or Social Security numbers stored in client databases.
However, Blackbaud did determine that the compromised information may have contained the following:
- Contact information (Name, mailing address, phone, and email addresses)
- Contact demographic information (Age, gender, birthday, relationship to the VC Foundation and/or Ventura College)
- History of a donor’s relationship with the VC Foundation including donation dates and amounts
Blackbaud paid an undisclosed ransom to the criminals after evidence showed that the stolen data had been destroyed. Blackbaud says the results of its research and that of forensics experts and law enforcement (the F.B.I.) indicate that it is highly unlikely that the stolen information was ever released, misused, or will be disseminated or otherwise made available publicly. Blackbaud and independent agencies are continuing to monitor the situation.
Upon learning of this cyberattack, the VC Foundation immediately alerted the members of our Board of Directors, Ventura College’s Executive Leadership and I.T. Services Department, and the Ventura County Community College District’s Campus Police Department.
Additionally, the VC Foundation is in the process of contacting all database and donor constituents via electronic or mail notification so you can take immediate action to protect yourself. Per California law (California Civil Code s. 1798.29(a) [agency] and California Civ. Code s. 1798.82(a) [person or business]), this Notice of Data Breach, dated July 17, 2020, will be submitted electronically to the State of California Department of Justice, Attorney General’s office, and in accordance with the notification laws in other US states as applicable.
The security of our database and donor management system is of the utmost importance to us. We selected Blackbaud’s Raisers Edge/NXT to store and manage our Foundation's databases because of its reputation as one of the world's leading providers of nonprofit financial and fundraising technology. Since Blackbaud is a publicly-traded company listed on the NASDAQ exchange (BLKB), with a market cap of $2.7 billion on revenue of approximately $908.2 million, it has the financial means to protect donor information.
Blackbaud has reassured its database customers that it has already implemented several changes that will protect our data and your information from any subsequent incidents. First, Blackbaud’s teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. From the information we received on July 16, 2020, Blackbaud has confirmed through testing by multiple third parties, including the appropriate platform vendors, that this fix withstands all known attack tactics.
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and the proper law enforcement authorities.
Please note that the VC Foundation uses a third-party vendor (not associated with Blackbaud or its products) that encrypts credit card transactions that are processed via our website, text-to-give campaigns, and crowdfunding projects. Any recent credit card information that you have shared with us or entered on our giving page to process your generous donations was secure and not affected during this ransom cyberattack.
While legally the State of California doesn’t require that we inform our donors of this data breach because sensitive information such as credit card, Social Security numbers, driver’s license numbers, and/or federally issued identifications were not involved, it is important to us that we keep you informed regarding a cyber breach of your donation records.
The Ventura College Foundation leadership and staff aspire daily to practice our profession’s Code of Ethical Standards. As members of the Association of Fundraising Professionals (AFP), we practice integrity, honesty, truthfulness, and adherence to the absolute obligation to safeguard the public trust. As a valued donor, know that we value the privacy, freedom of choice, and interests of all.
We sincerely regret any inconvenience or concern caused by this incident. Hopefully, your trust and support of the Foundation is reassured due to our prompt response and transparency. We at the VC Foundation are deeply disturbed by what has occurred and will work hard to further secure our systems and vet our partners’ security protocols. You are an important member of the Ventura College/Ventura College Foundation family and we believe “that all donors have the right to be assured that information about their donation is handled with respect and with confidentiality to the extent provided by the law,” as stated in the AFP’s Donor Bill of Rights.
Executive Director Anne Paul King's letter to donors regarding breach.
Donor Bill of Rights
AFP Code of Conduct