The Latest Data Breach

You may have received a data breach notice from an arts organization that uses Blackbaud products. Long story short, Blackbaud was the target of a ransomware attack where the criminals managed to make off with some user data.

The League of American Orchestras notified individuals in their database who may have had Personally Identifiable Information (PII) compromised. According to that email message, this included information “such as your physical and email addresses, telephone numbers, demographic information, and a history of your relationship with our organization, including donation dates and amounts.”

By and large, the League’s notification letter was a good example of what a data breach notice should include…right up until it wasn’t (emphasis added).

Although we currently have no reason to believe that your information will be misused, we encourage you to remain vigilant and promptly report any suspicious activity or suspected identity theft to us, to Blackbaud, and to the proper law enforcement authorities.

Cyberattacks are decidedly a by-the-grace-of-god type of event for any organization, but I am at a loss as to how any one would assume a cybercriminal won’t sell, trade, or use PII.

In case you’re wondering just how much of a problem data breaches have become over the years, here’s a good visualization of the largest data breaches and hacks since 2009 (interactive version):

About Drew McManus

"I hear that every time you show up to work with an orchestra, people get fired." Those were the first words out of an executive's mouth after her board chair introduced us. That executive is now a dear colleague and friend but the day that consulting contract began with her orchestra, she was convinced I was a hatchet-man brought in by the board to clean house.

I understand where the trepidation comes from as a great deal of my consulting and technology provider work for arts organizations involves due diligence, separating fact from fiction, interpreting spin, as well as performance review and oversight. So yes, sometimes that work results in one or two individuals "aggressively embracing career change" but far more often than not, it reinforces and clarifies exactly what works and why.

In short, it doesn't matter if you know where all the bodies are buried if you can't keep your own clients out of the ground, and I'm fortunate enough to say that for more than 15 years, I've done exactly that for groups of all budget size from Qatar to Kathmandu.

For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, keep track of what people in this business get paid, help write a satirical cartoon about orchestra life, hack the arts, and love a good coffee drink.

Related Posts