You may have recently received an email informing you of a security breach at Blackbaud, a cloud software company specializing in nonprofits and educational institutions that has more than 25,000 customers around the world. These customers include JetBlue, Boston University, The Tenement Museum, the Children’s Hospital of Pittsburgh Foundation, and more.
In May of 2020, Blackbaud experienced a ransomware attack in which a cybercriminal attempted to lock Blackbaud out of its own servers and data. Once Blackbaud discovered the attack, it was able to keep the hacker from blocking system access and fully encrypting files, ultimately expelling the cybercriminal from the system. However, before being locked out, the hacker was able to remove a copy of a subset of data.
While this did not include credit card, bank account, or Social Security information, it may have included demographic information such as customer and donor names, physical and email addresses, telephone numbers, and giving history. To ensure this data was safe, Blackbaud paid the cybercriminal’s ransom and received confirmation that the copy had been destroyed.
However, if you think your data may have been affected, remain vigilant. Although Blackbaud has “no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” you should still monitor your accounts for unusual activity and promptly report any suspicious activity or suspected identity theft to the Blackbaud customer organization you’re associated with, to Blackbaud, and/or to the proper law enforcement authorities.
As for Blackbaud, it has already implemented several changes to better protect its users’ data. According to a statement by one of the customer institutions affected, “The company has confirmed through testing by multiple third parties, including the appropriate platform vendors, that its fix withstands all known attack tactics. Additionally, Blackbaud notes that it is accelerating its efforts to further harden its environment through enhancements to access management, network segmentation, and deployment of additional endpoint and network-based platforms.”