MacDowell

MacDowell is an organization headquartered in the United States of America. It maintains donor records that include personal identifiers such as driver's license numbers and government ID numbers. To manage this donor information, MacDowell relies on Blackbaud, a third‑party service provider specializing in data management for charitable and educational institutions. The organization's core function involves the collection and administration of contribution‑related data, indicating engagement in fundraising or philanthropic activities. Its headquarters location situates it within the U.S. regulatory environment for data protection and privacy. These activities place MacDowell among entities that handle sensitive supporter information as part of their operational mission.

In October 2020, MacDowell became affected by a ransomware incident that targeted Blackbaud, the service provider entrusted with its donor data. Initially, Blackbaud asserted that no sensitive information had been accessed during the breach. Subsequent investigation revealed that unencrypted fields containing donor data were exfiltrated due to an oversight, a fact that MacDowell only learned after the incident. The compromised data was later corroborated by multiple educational institutions and nonprofit organizations, which identified exposed unencrypted information such as Social Security numbers, bank account details, and philanthropic histories. These entities independently verified inconsistencies in Blackbaud's initial statements, confirming the scope of the data exposure.

The incident underscores MacDowell's reliance on external vendors for the storage and protection of sensitive personal data. While the organization's specific ownership structure, parent‑subsidiary relationships, or equity details are not disclosed in the available sources, its operational focus centers on donor information management. The breach prompted MacDowell to reassess its data‑security practices and the safeguards implemented by its service providers. As a U.S.–based entity handling personal identifiers, MacDowell is subject to federal and state privacy regulations that govern the protection of such information. The experience contributes to the broader awareness of risks associated with third‑party data management in the nonprofit and educational sectors.