If we need to do a data breach notification...

Preemptively, I'd like to flag that we should connect around strategy if it's appropriate for all WordFly-based orgs to reach out to our patrons about the ransomware data breach.

I have absolutely nothing deeper than that to say yet, but it occurred to me earlier today that, should we need to do this, a good number of tri-state area people may suddenly be on the receiving end of dozens of alarming notifications and make the issue feel even larger. A coordinated notification may be a better approach.

Should today's Town Hall reveal that we ought to pursue this, we'll spin up an initial Zoom or something along those lines.

Please go ahead and use this thread to note ideas or even just interest.

CC: to the NJ folks, and

  • I had not been thinking we need to notify patrons, but one element of concern after the Town Hall is we did map donor giving levels, for purposes of dynamic content. So theoretically, if I'm understanding it correctly, that mapped data could be part of the breach, and thus a donor's individual contribution total could be breached info as well. 

    Does that sound correct, based on what everyone heard? Is anyone else in this boat? I'm still not clear if we should notify people, since the actual financial transaction details weren't compromised (i.e. payment info) - and I'm afraid to cause a needless panic because I fear patrons won't understand the difference. But I also certainly want to be transparent for our patrons if there is any reason they should be concerned. 
