PORTLAND — The Roman Catholic Diocese of Portland was notified Friday that bank account and credit card information from member organizations was not taken during a May cyberattack on its database service provider.

Member organizations of the diocese include 55 Catholic churches and 15 affiliated schools in Maine.

Blackbaud Inc., a company specializing in cloud computing software specifically designed for nonprofit organizations like the Diocese of Portland, was the victim of a ransomware attack in May, possibly exposing constituents’ personal information.

The company paid the hackers’ ransom demand after receiving confirmation that the stolen files were destroyed.

An email from Blackbaud to diocese members Friday said financial information, specifically bank account and credit card information, was not taken. However, hackers may have been able to access contact information, demographic information and information related to the diocese, including donation dates and amounts. Social Security numbers were not stored in the database and are not at risk.

“Based on the nature of the incident and the research performed by Blackbaud and third-party investigators, we have been told there is no reason to believe that any of the data was disseminated after the breach occurred or holds the potential to be misused,” the email stated.

Blackbaud was able to prevent the hackers from blocking or corrupting the company’s system, however the hackers were able to remove a copy of a subset of data, the email said.

Blackbaud does not believe people should be concerned about the attack, but advises constituents to remain vigilant and report any suspicious activity or suspected identity theft immediately.

Dave Guthro, director of communications for the Diocese of Portland, said constituents have been understanding of the security breach and are relieved that it didn’t involve all of their information.

He noted that most respondents reported receiving similar emails from other organizations. He said he has personally received five similar notices from other organizations due to this incident.


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

filed under: