WINNIPEG -- The Heart & Stroke Foundation is advising donors and volunteers with the organization to take extra precautions after learning of a data breach that may involve personal information.

In a letter sent out to donors and stakeholders, the non-profit organization said Blackbaud, a software provider for non-profit organizations, discovered and stopped a ransomware attack in May. Blackbaud said the ransom was paid, and the relevant data was destroyed.

The foundation said it was notified of the attack on July 16.

“While Blackbaud has informed us that Heart & Stroke was not specifically targeted, we want to provide you with the same information that Blackbaud has provided us,” Doug Roth, CEO of the Heart & Stroke Foundation, said in the letter.

The letter said contact information, such as names, email addresses telephone numbers, and addresses may be impacted. The foundation said, according to Blackbaud, data such as credit card numbers, usernames, and passwords were not compromised, as that information is encrypted.

“Blackbaud has informed us that there is no reason to conclude that the data related to the Heart & Stroke community will be misused, but we recommend that you exercise additional prudence,” Roth wrote. “As the information affected is mainly contact information, the greatest risk would be from someone impersonating Heart & Stroke to solicit funds.”

Roth said donors and volunteers who receive suspicious emails or communications that claim to be from the Heart & Stroke Foundation should inform the foundation about the communications received.

Roth added investigators are continuing to monitor for any usage of the stolen data. He said Blackbaud is confident the data was removed and has not been used further.