Philanthropists in Maine and around the world are now learning their personal data was held hostage by hackers this spring.

A diverse array of local nonprofit organizations, churches and schools are informing donors this month that their giving history and some personal details may have been compromised in an as-yet-unsolved four-month ransomware attack on Blackbaud, a cloud-based data storage company in South Carolina that serves the philanthropic community.

Impacted groups range across the political spectrum, from the Roman Catholic Diocese of Portland to Planned Parenthood of Northern New England, according to their websites, and in size, from schools as small as Cheverus High School in Portland, with a student population of under 500, to Bowdoin College in Brunswick, whose population is nearly four times that.

Supporters of social service providers like Good Shepherd Food Bank in Auburn, research institutions like The Jackson Laboratory in Bar Harbor and tourist attractions like Coastal Maine Botanical Gardens in Boothbay got letters, emails and newsletter alerts about the Blackbaud security breach this week and what it may mean for them.

Blackbaud informed Bowdoin College on July 16 that its alumni and parent engagement, fundraising and donor information was compromised in the springtime ransomware attack. The college shared the bad news with its philanthropic community through an email from two of its senior vice presidents on Wednesday, 13 days later.

In the email, Bowdoin said it was donors’ personal information, such as names, dates of birth, addresses and giving history details, that was compromised, not financial details such as bank account or credit card data. However, they urged all supporters to remain vigilant and report any suspicious financial activity to both Bowdoin and the police.


Some, like Cheverus, advised anxious supporters on how to put a freeze on their consumer credit reports, and used the notification as an opportunity to express their gratitude for their continued financial support during difficult economic times, when many nonprofits are struggling to raise funds in an economy crippled by the COVID-19 pandemic.

“We sincerely apologize for this incident and regret any inconvenience it may cause you,” Cheverus officials told supporters.

The Blackbaud attack made international headlines in May not only because of the scope and prestige of Blackbaud’s clientele, but also because the company revealed it had paid a ransom to the hackers who had spent three months stealing its data so they could destroy it. On its website, Blackbaud said the hackers provided proof of the data’s destruction, but did not elaborate.

Some Maine nonprofits, like Jackson, informed donors of the breach last week, while others alerted supporters this week, some after conducting their own internal investigations. Preble Street, a social service provider that provides housing, crisis intervention and food in Portland, Bangor and Lewiston, emailed its donors Thursday.

Related Headlines

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.