RICHMOND, Va. (WRIC) — Members and donors of the Virginia Museum of Fine Arts may have had their information exposed due to a third-party data breach.

According to the letter obtained by 8News, the security incident involves Blackbaud, VMFA’s former third party cloud hosting company. Blackbaud, a provider of fundraising and financial management software that serves nonprofit and educational institutions, was recently the victim of a ransom attack.

In the attack, some files maintained by the third-party account were compromised.

“The files contained some limited personal information from our development activities prior to 2015,” the letter read. “The security incident was discovered and stopped by Blackbaud’s cybersecurity team with the help of independent forensics experts and law enforcement.”

While information such as credit card, bank account and social security numbers wasn’t affected, compromised data may have included names and contact information, the announcement added.

The museum warns that no additional action from donors/members is needed at this time.