Hackers accessed banking data and login credentials of Blackbaud customers

Hackers accessed banking data and login credentials of Blackbaud customers

Ransomware attack on Blackbaud impacted at least 125 UK organisations

CRM solutions provider Blackbaud has confirmed that hackers, who carried out a successful ransomware attack in May, also accessed the bank account information, social security numbers, and usernames and passwords belonging to some of its clients.

In an 8-K filing with the U.S. Securities and Exchange Commission on Wednesday, Blackbaud, among the world's largest providers of alumni database software, said that after completing a forensic investigation into the security incident, it has determined that hackers gained access to more data records than initially believed.

"After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords.

"In most cases, fields intended for sensitive information were encrypted and not accessible. These new findings do not apply to all customers who were involved in the Security Incident. Customers who we believe are using these fields for such information are being contacted the week of September 27, 2020 and are being provided with additional support," the firm said.

"We expect our Security Incident investigation and security enhancements to continue for the foreseeable future. We intend to continue to inform our customers, stockholders and other stakeholders of any such additional information or developments as appropriate," it added.

In July, the Information Commissioner's Office told BBC that the ransomware attack targeting Blackbaud had impacted at least 125 organisations in the UK, including the National Trust, Newcastle University, De Montfort University, King’s College London (KCL), mental health charity Young Minds, terminal illness charity Sue Ryder, and homeless charity Crisis.

The list of affected universities includes the University of York, University of Exeter, University of Leeds, University of London, University of Reading, University College, Oxford, Oxford Brookes University, Loughborough University, Ambrose University in Alberta, Canada, and Rhode Island School of Design in the US.

Bletchley Park, the iconic museum that served as the home for Britain's elite code-breakers and the Government Code and Cypher School (GC&CS) during the Second World War, was also affected by the ransomware attack with hackers accessing the personal information of trustees and donors.

"This breach involved records containing personal information, which may include one or more data fields such as names, titles, dates of birth, email addresses, donation history, mailing or e-newsletter list preference, event attendance or membership, depending on data subjects’ engagement with the Bletchley Park Trust.

"The Blackbaud Cyber Security team, along with independent forensics experts and law enforcement agencies, successfully stopped the attack and secured the destruction of any data held by the cybercriminal. Blackbaud has informed us that it has no reason to believe that any data went beyond the cybercriminal and that the data was deleted after they paid a ransom," the Bletchley Park Trust said.

Copyright Lyonsdown Limited 2020

Top Articles

Popular Trends With Ties to Bitcoin

Love it or hate it, Bitcoin is one of the biggest trends around the globe right now.

Why Bitcoin Has the Highest Market Cap?

Not only is Bitcoin the first cryptocurrency ever invented, but it has managed to remain the most successful one, even as the competition grew, namely, today, there are over 2,000…

Fraudsters leveraging the NHS brand in fresh COVID-19-related phishing scam

Organised crime groups have developed a new phishing tool by leveraging the NHS brand name to lure victims into sharing their personal data.

Related Articles