Massive Charities Hack Filing Says Hackers Likely Stole SSNs, Bank Accounts, and More
The massive Blackbaud data breach appears to involve more stolen data than previously reported. A US Securities and Exchange Commission (SEC) filing reveals the cybercriminals gained access to sensitive unencrypted data during the three-month-long ransomware attack. Over six million individuals and about 25,000 corporate clients are involved.
Blackbaud handles donor relations, data, and financial information for hospitals, human rights organizations, nonprofit radio stations and food banks, universities, trusts, and others.
The largest client affected by the Blackbaud breach is Inova Health System in Virginia. Others include Children’s Hospital of Pittsburgh Foundation, Harvard University, Spectrum Health, University of Kentucky HealthCare, the Guthrie Clinic, and Atrium Health. The UK Information Commissioner’s Office is aware that 166 UK organizations are also involved.
The Blackbaud data breach happened on 7 February and went undetected until 14 May. It was not disclosed until mid-July. Blackbaud is working with the Federal Bureau of Investigation (FBI) in Columbia, South Carolina.
“Further forensic investigation found that for some of the notified customers, the cyber-criminal may have accessed some unencrypted fields intended for bank account information, social security numbers, user names and/or passwords,” the SEC filing said.
According to a report in The NonProfit Times, the cybercriminals accessed donor data including “some unencrypted fields intended for bank account information, Social Security numbers, usernames and/or passwords.” However, ransomware attack investigations take time, and it is often found that more victims and more data were impacted than originally thought.
According to the company’s notice on their website, stolen data varies from client to client. Data belonging to former clients was also compromised from backups exfiltrated by the cyber hackers. Blackbaud has declined to say how many of its 45,000 customers were impacted by the data breach.
Blackbaud Data Breach – How it Happened
In May 2020, Blackbaud discovered that attackers had compromised their data during a ransomware attack. The attackers exfiltrated data from some of the company’s cloud servers. The company maintains that the majority of their customers are not impacted by the Blackbaud data breach.
Blackbaud is now defending multiple class action lawsuits in the United States and is the focus of a data privacy investigation in the United Kingdom.
Ransomware Attacks Lock Access and Steal Data
Ransomware is a type of malware that infects a computer – usually starting with social engineering, phishing emails or remote desktop access software. Once one computer is compromised, the ransomware quickly spreads to infect other devices connected to the network. Ransomware then blocks out the rightful owner of a computer, network, or data. It can also be used to encrypt individual files or directories.
Ransomware attackers demand payment to relinquish control of infected computers, networks, or data files.
Blackbaud paid the ransom to gain control of their IT system and data.
“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” says the Blackbaud data breach notice on the company’s website.
The post goes on to say that “…we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
Of course, when you’re working with cybercriminals who just compromised your IT network and stole sensitive company data, there’s no guarantee that they will abide by their end of the deal and destroy the stolen information. Sometimes the attackers demand more money and threaten to sell the stolen information on the dark web.
The FBI doesn’t support paying a ransom in response to a ransomware attack.
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals,” says FBI Cyber Division Assistant Director James Trainor.
What is Blackbaud?
Blackbaud is a cloud software and data intelligence service used by nonprofits, corporations, the education sector, trusts, and healthcare facilities. The company has 45,000 nonprofit, corporate, and government customers in 100 countries. According to their website, Blackbaud’s services include fundraising, relationship, financial, and program management. The company also handles analytics, grant and award management as well as payment processing for customers.