Blackbaud Data Breach (2020)

Blackbaud, one of the world’s largest providers of financial and fundraising technology to nonprofits, was hacked and paid a ransom to have the hijacked data destroyed by the cybercriminals. Officials learned of the intrusion in May and called in law enforcement and independent forensics experts to work with Blackbaud’s own security team, a Blackbaud spokesperson said. The teams were able to prevent the blocking of system access for users and the fully encrypting of files. Blackbaud officials first realized something was wrong when staff detected malicious activity internally. Once the attack was stopped the criminals contacted Blackbaud with the ransom demand. Company officials spoke on the record but not for direct attribution. Blackbaud declined to disclose how much was paid to the cybercriminals but it was done using Bitcoin. The firm also declined to say which data center was the entry point or how many are used by Blackbaud. The cybercriminals were able to remove a copy of a subset of data from Blackbaud’s self-hosted environment. Credit card information, bank account information, or Social Security numbers were not stolen, according to the spokesperson. Officials said they have confirmation that the stolen data was destroyed after the ransom was paid. 'We have no reason to believe that any data went beyond the cybercriminal, was or will be misused or will be disseminated or otherwise made available publicly,' the spokesperson said.