Cyber Incident Victim: Buffalo and Erie County Public Library

The Buffalo and Erie County Public Library experienced a cybersecurity incident involving unauthorized access to donor data between February 7 and May 20, 2020. The breach occurred through a ransomware attack targeting Blackbaud, a third-party software vendor responsible for maintaining the library’s donor database. Cyberintruders infiltrated Blackbaud’s systems during this three-month period and accessed information related to library donors before being detected and blocked by the vendor. Library officials confirmed the attackers did not compromise financial records, banking details, credit card information, passwords, or Social Security numbers during the intrusion. The incident was publicly disclosed by the library on August 10, 2020, following an investigation into the vendor’s security breach.

The compromised data consisted of non-financial donor records containing names, physical addresses, telephone numbers, email addresses, and basic information about individual donations to the library system. Blackbaud successfully expelled the attackers from their systems and implemented security measures to prevent further unauthorized access, though the breach occurred before this containment. Library spokesperson Jeanne Jakubowski emphasized that the intrusion exclusively affected donor information managed by Blackbaud and did not impact internal library systems or patron records. No evidence suggested misuse of the accessed data at the time of disclosure. The library maintained operational continuity throughout the incident as the attack was confined to the vendor’s infrastructure rather than the library’s direct network environment.