The Florida-based non-profit social services agency Pace Center for Girls was affected by the breach that occurred at Blackbaud in May. This is the same breach that affected Cal State Northridge which was reported on at the beginning of the month. Blackbaud had been providing fundraising and donor software for the Pace Center. Although no internal record-keeping data was exposed, donor and fundraising information had been accessed—this included donors’ names, physical addresses, phone numbers, birthdates, and donor profile information, such as giving history. The Pace Center said they were maintaining open communication with Blackbaud so that they would be advised of any further developments and that they also “will be rolling out additional intensive authentication processes to further protect our data.”
It is always good to keep open communication with third-party vendors. Companies who use third-party companies should consider a vendor risk management plan. A plan of this nature would make it clear what data and information third parties can access, as well as how the access is monitored. It will also make sure who takes responsibility if a data breach does occur.