Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

  • By Dawna M. Roberts
  • Oct 05, 2020

Blackbaud software was victim to a ransomware attack last May, and new information suggests that clients may have lost more than just basic information. 

The Ransomware Attack in May

Initially, the cloud-based software company reported in its breach notification that they paid the ransom in exchange for the copies of the stolen information to be destroyed. However, now in an SEC report, they have acknowledged that much more personally identifiable information (PII) was exposed, including bank details, social security numbers, and usernames with or without passwords.

Blackbaud operating out of South Carolina provides software for marketing, fundraising, and customer relations. The recent reveal affects hundreds of healthcare organizations, education, and non-profits. All told, the ransomware attack perpetrated back in May exposed data for about 10 million users of the software. 

New Details Revealed

On September 30, 2020, Blackbaud filed an 8-K report with the U.S. Securities and Exchange Commission (SEC) that included a lot more detail revealing a more accurate picture of the damage. In it, Blackbaud noted that “Further forensic investigation found that for some of the notified customers, the cybercriminals may have accessed some unencrypted fields intended for bank account information, Social Security numbers, usernames and/or passwords,” according to the SEC filing. “In most cases, fields intended for sensitive information were encrypted and not accessible. These new findings do not apply to all customers who were involved in the security incident. Customers who we believe are using these fields for such information are being contacted … and are being provided with additional support.”

Blackbaud is continuing their investigation and working with security professionals and law enforcement to determine the culprits responsible. 

The company has been criticized for not reporting the data breach until July 16th and is facing at least ten lawsuits in the wake of this catastrophic exposure. With new information coming to light about the specific data that may have been exposed, including PII, identity theft and fraud are a real concern for the victims. 

A Sketchy Deal

Although Blackbaud has admitted that they paid an undisclosed ransom to the attackers to get their data back and did so under the agreement that all copies would be destroyed, there is no assurances that the cybercriminals will keep their end of the bargain. The stolen data may still end up on the dark web for sale. 

According to Brett Callow, a security firm researcher with Emsisoft said, “A breach is a breach, and Blackbaud experienced a breach,” Callow says. “That the company chose to pay the ransom in no way altered the fact that the criminals had accessed and possibly exfiltrated the data. Companies that choose to pay in this scenario are not in any way undoing the breach; they’re simply paying a bad-faith actor for a pinkie promise that the stolen data will be destroyed. Whether threat actors do ever actually destroy data is something only they know, but I’d be very surprised if they did.”

Cybercriminals’ goals are typically financially motivated, so it would be highly unlikely that they would comply with any deals or terms when they could collect the ransom and benefit a second time by selling the stolen information on the dark web. It’s all about profit. 

What is Blackbaud Doing About It

Blackbaud assures their customer base that they have hired a team of experts to monitor the dark web and keep an eye out for any exposed data. Their own security firm and law enforcement agree that they can find no evidence that client data was leaked or has shown up anywhere on the internet.

Their opinion is that the attackers simply wanted to “disrupt” their business operations by encrypting and locking data centers to prevent access. 

The Attack on Healthcare Continues

Blackbaud’s ransomware issue is another in a long line of attacks on healthcare. Many of the clients who use Blackbaud software for fundraising are non-profits or health providers. On Thursday, the U.S. Department of Health and Human Services added more names from the Blackbaud incident to the growing list of healthcare organizations affected by data breaches. Currently, that list includes more than three dozen healthcare organizations. Some of the heavy-hitting data breaches in healthcare this year are:

  • Trinity Health - affected 3.3 million individuals.
  • Nuvance Health (NY) - 315,000 people affected.
  • University of Missouri Health Care - close to 190,000 affected.

Were You Affected?

If you or an affiliate uses Blackbaud software, you may have already received notification about the data breach. However, due to this new information surfacing, you may get a follow-up if your banking details, social security numbers, or other personally identifiable information was exposed. It is always best to assume the worst in any data breach and take quick action to protect those assets. Change your passwords and contact your bank to have them put a freeze on your accounts or restrict access. Any proactive measures you can take now may prevent you from being an additional victim of fraud or identity theft. 


About the Author
IDStrong Logo

Related Articles

46,000 Veterans and 13 Community Care Providers Affected by a VA Data Breach

The Incident Early last week, the Department of Veteran Affairs (VA) was breached by an unkno ... Read More

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Latest Articles

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

How to Prevent Data Loss from a Phone Scam

How to Prevent Data Loss from a Phone Scam

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

UNM Health Data Breach

UNM Health Data Breach

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.