Blackbaud, a third-party cloud-based service provider, reported a data breach incident in mid-July. However, thousands of Minnesotans are experiencing the ripple effect of the incident as they are receiving the breach notification through email. The letters are being sent to only those individuals whose data, including certain personally identifiable information (PII), fundraiser info, and/or hospital and clinic visit details, have been compromised.
Key Highlights
- Blackbaud security incident affected more than 3 million people around U.S.
- Certain charities and universities in the U.K. have also been affected by it.
- An unknown ransomware gang was attempting to encrypt Blackbaud’s systems but were pushed out of the network by Blackbaud’s vigilant security team.
- The cybercriminals, however, stole an unencrypted data subset from Blackbaud’s systems, which resulted in the massive data breach.
Blackbaud’s Cybersecurity Incident
Blackbaud is particularly known to provide cloud-based fundraising donor management software and database services to thousands of organizations around the world. Its clientele includes some of the top universities, social service nonprofits, health care systems, charitable trusts, and philanthropic organizations of all kinds.
On July 16, 2020, Blackbaud’s internal IT team discovered unauthorized access to its systems. The malicious actor, whose identity is still unknown, reportedly stayed active in Blackbaud’s system between February 7 and May 20, 2020, and may have acquired backups of databases used by its customers. On learning about this incident, Blackbaud informed its customers to stay alert and correspondingly informed the law enforcement authorities about it. On further investigating the incident with the help of cyber forensic experts, Blackbaud’s cybersecurity team linked the malicious actor to a ransomware gang who were attempting to encrypt data on Blackbaud’s system.
Due to the keen observation of some of Blackbaud’s internal cybersecurity personnel, this ransomware attack was averted. However, it was found that certain unencrypted datasets of Blackbaud’s clients were stolen from their systems. This subsequently resulted in one of the biggest data breaches in the state of Minnesota.
Minnesotan Double Whammy
As reported earlier, Blackbaud has a clientele working in health care and non-profit organizations. Thus, two Minnesota based organizations, “Children’s Minnesota Foundation” and “Allina Health” have been severely affected by this data breach. Allina Health has gone forward and informed more than 200,000 of its patients and donors whose data may have been breached in the process. The leaked information of the two organizations potentially contained:
- Full names
- Postal addresses
- Date of birth
- Appointment dates and doctor names
- Locations visited, etc.
However, this leaked subset of data did not include:
- Credit/Debit card information
- Bank account information
- Social security numbers (SSN)
- Any additional medical information, such as diagnosis or treatment plan
Blackbaud takes its commitment to cybersecurity very seriously, and this is evident from how they stopped the ransomware attack before the cybercriminals could encrypt the data. Since it values the privacy of its client’s data, Blackbaud paid the cybercriminal’s demand with a confirmation that the copy they removed from their systems had been destroyed. Blackbaud, with the help of other cybersecurity experts, is now further strengthening their cybersecurity posture to avoid such attacks in the future.
