Update: (August 7, 2020)
To ensure that Human Rights Watch is taking every reasonable precaution, we are engaging an IT forensics firm to assist with our ongoing investigation.
There is no specific action required on your part at this time. of course we continue to encourage you to remain vigilant and inform the law enforcement authorities in your jurisdiction if you suspect that you are a victim of identity theft.
On July 16, Human Rights Watch was informed by a vendor that it had suffered a data security incident that, unfortunately, affected some of our donor and prospective donor information. This vendor, Blackbaud, reported that a cybercriminal breached its systems.
Human Rights Watch immediately launched an investigation to determine what data was potentially compromised. On July 22, we sent an initial email to everyone in our database with a valid email address to notify them of the breach. We are working as swiftly as possible to conclude this investigation and will notify anyone whose sensitive information was affected, if any.
Human Rights Watch is no longer using Blackbaud to process new credit card or donor information. We understand that Human Rights Watch is one of multiple Blackbaud clients whose data was breached and that this attack did not specifically target our donor database.
Human Rights Watch takes data privacy and security very seriously. We regret that this occurred and are making changes designed to prevent this from happening again.