Blackbaud, one of the largest providers of education, fundraising, and financial management programs in the world and headquartered in the United States, was hacked. The hack was made in May 2020 and the news was not revealed until July after Blackbaud paid a ransom to the hackers.
The hacker encrypted student and alumni data through a major attack at several universities in the United States, the United Kingdom, and Canada, including Oxford Brookes University, Loughborough University, Ambrose University in Alberta, Canada, York University, University of Leeds and University of London.
Also, among the victims of the attack were Human Rights Watch worldwide, Young Minds, and Rhode Island School of Design in the United States.
Officials learned about the intrusion in May and called law enforcement in and independent forensics experts to work along with Blackbaud’s own security team, as per Blackbaud’s spokesperson. The teams together were able to prevent the blocking of system access for users and encrypting the files completely.
Blackbaud officials first realized that something was wrong when one of the staff detected malicious activity internally. Once the attack was stopped the criminals demanded Blackbaud with a ransom. Company officials did speak on the record but not for direct attribution.
The hack included data of former and current students, employees, and other administrators. In some cases, the stolen data included phone numbers, records of donations, and some events.
The attackers were able to remove a copy data subset from Blackbaud’s self-hosted environment. Bank account information, Credit Card information, Social Security numbers were not stolen, as per Blackbaud’s Spokesperson.
Blackwood did not provide information on the affected persons, confirmed that it wanted to “respect the privacy of its clients” and worked with law enforcement authorities and investigators to ascertain whether the data had not been circulated or sold on the Dark web.
“Although this sophisticated attack with ransomware took place, we were able to close it and we had no reason to believe that this would result in any public disclosure of any of our customer data,” said Michael Gianoni, Blackwood’s CEO.
Blackwood paid a ransom to decrypt the compromised data in Bitcoins, but the amount was not disclosed.
Blackbaud’s public cloud environment of Microsoft Azure and Amazon Web Services data was not involved, nor a majority of the firm’s self-hosted environment. The subset of customers who were affected by the incident was notified and was provided with additional information and resources.
Blackbaud however remained operational during this occurrence. Most of the customers who were part of the incident experienced reported outages. A small number had intermittent availability or disruption in services while the incident was remediated, according to a company’s spokesperson.