Update (19 November 2020)
Human Rights Watch has now concluded an extensive investigation into this incident. Consistent with certain laws governing some of the information that may have been affected, and out of an abundance of caution and best practice, we are sending notices to some individuals with information about general steps that they can take to protect against potential misuse of personal information.
On September 29, Blackbaud also confirmed that, following its own investigation, it has “no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.” You can read Blackbaud’s notice on the incident here.
As previously noted, we encourage you to remain vigilant for incidents of fraud, identity theft and cyber scams. If an email appears to be from Human Rights Watch but is, in fact, a phishing email, please let us know using the contact details set out below.
Update: (August 7, 2020)
To ensure that Human Rights Watch is taking every reasonable precaution, we are engaging an IT forensics firm to assist with our ongoing investigation.
There is no specific action required on your part at this time. of course we continue to encourage you to remain vigilant and inform the law enforcement authorities in your jurisdiction if you suspect that you are a victim of identity theft.
On July 16, Human Rights Watch was informed by a vendor that it had suffered a data security incident that, unfortunately, affected some of our donor and prospective donor information. This vendor, Blackbaud, reported that a cybercriminal breached its systems.
Human Rights Watch immediately launched an investigation to determine what data was potentially compromised. On July 22, we sent an initial email to everyone in our database with a valid email address to notify them of the breach. We are working as swiftly as possible to conclude this investigation and will notify anyone whose sensitive information was affected, if any.
Human Rights Watch is no longer using Blackbaud to process new credit card or donor information. We understand that Human Rights Watch is one of multiple Blackbaud clients whose data was breached and that this attack did not specifically target our donor database.
Human Rights Watch takes data privacy and security very seriously. We regret that this occurred and are making changes designed to prevent this from happening again.