Notification of Security Incident with Third-Party Database Provider
FOR IMMEDIATE RELEASE — JULY 23, 2020
GAYLORD, MICHIGAN — On July 16, 2020, the Diocese of Gaylord was notified by one of its third-party database service providers, Blackbaud, of a database access security incident. Specifically, Blackbaud reported that they became aware of and — together with independent forensics experts and law enforcement — stopped a ransomware attack in May 2020. In ransomware attacks, cybercriminals attempt to disrupt businesses by locking them out of their own data and servers.
DATA INVOLVED IN THE INCIDENT
The Diocese of Gaylord uses Blackbaud’s database and accounting products “Raiser’s Edge” and “Financial Edge” for communication, stewardship and accounting. These diocesan databases do not store bank account information, but include encrypted/redacted credit card information and social security numbers if voluntarily provided. With regard to the aforementioned security incident, Blackbaud reported that the cybercriminal did NOT access any bank account information, credit card information or social security numbers contained within affected databases.
However, Blackbaud informed the Diocese of Gaylord and other affected organizations that prior to locking the cybercriminal out, the cybercriminal was able to remove a copy of affected organizations’ backup files containing constituents’ personal information. Blackbaud has determined that the file the cybercriminal removed may have contained contact information, demographic information and a relationship history with the organization, such as donation dates and amounts. Blackbaud reported that it paid the cybercriminal’s ransomware demand upon confirmation that the backup files the cybercriminal removed were destroyed.
Upon becoming aware of the breach, Blackbaud’s teams quickly identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to correct it. Blackbaud reports that they have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their corrective actions will withstand similar attacks in the future. Additionally, they are accelerating efforts to further strengthen their environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based platforms.
Upon being notified, the Diocese of Gaylord spoke with Blackbaud representatives to better understand what had occurred; reanalyzed the contents of the affected diocesan databases; and considered any risks to constituents for whom information is contained in these diocesan databases.
WHAT CONSTITUENTS CAN DO
Because bank account information, credit card information and social security numbers were NOT accessed in this security incident, Blackbaud reports that no action is necessary for constituents. However, out of an abundance of caution, the Diocese of Gaylord will mail a notice to constituents for whom information is contained in its affected databases. For any further questions, constituents may contact the diocese at 989.732.5147.
# # #
The Diocese of Gaylord was established by His Holiness Pope Paul VI on July 20, 1971. The territory encompasses 11,171 square miles and includes the 21 most northern counties of Michigan’s Lower Peninsula. The region is home to nearly 50,000 Catholics, served by 75 parishes, 17 Catholic schools and many closely-related institutions. For more information, visit www.dioceseofgaylord.org.
Media Contact: Ms. Mackenzie Ritchie, Manager of Communications / firstname.lastname@example.org / 989.732.5147