Stolen laptop contained donors' financial data
A computer that was swiped from a car in Charleston last year contained personal financial information on 84,000 University of North Dakota donors, it was disclosed this week.
The missing laptop belonged to Daniel Island-based software giant Blackbaud Inc., which stressed Tuesday that all of the information was password-protected and encrypted. It also said it was not aware of any data breaches.
Blackbaud said the employee responsible for the computer violated company policy by keeping the data too long. The information belonged to the University of North Dakota's foundation and alumni association. Blackbaud's specialty is developing financial software and services for nonprofit fundraising organizations.
Jake Marcinko, the company's manager of information security and monitoring, said in a statement that the two groups were notified immediately about the theft.
He also said Blackbaud "worked with them to make sure that the people in those files have been notified and are being assisted in taking the steps necessary to monitor their credit information.
"This will help them protect themselves if, in fact, a breach in the security of their information takes place," Marcinko said. "At this time, no known breach of information has occurred."
The computer was stolen from an unidentified worker's vehicle last September in what Blackbaud spokeswoman Melanie Mathos described Tuesday as "a smash-and-grab incident." She did not have other details about the crime.
Mathos said Blackbaud routinely works with customer data files "throughout our regular course of business, however, the employee violated our mobile hardware procedures by storing data beyond the engagement."
The company did not respond to an e-mailed question about whether the worker was reprimanded.
Mathos said Blackbaud "routinely" strengthens its security procedures and policies, and the "fact that the data was encrypted was paramount" in this instance.
Marc Chardon, Blackbaud's president and chief executive, added in a statement: "No matter how well-designed and implemented our security procedures are, including levels of password protection and data encryption, in the case of the physical theft of a computer we presume that the security of customer data has been compromised and move immediately to do everything we can to help our customers notify the people whose names and personal information are on those files."
The theft prompted a man to request a copy of the contract between the software company and the two university-affiliated fundraising groups. Terry Narum wanted to know why those organizations had his Social Security number, North Dakota Attorney General Wayne Stenehjem said.
In a legal opinion Monday, Stenehjem said the contract is public information. The two fundraising organizations argued they were not subject to North Dakota's open-records law.
The Associated Press contributed to this report.