WBUR and Boston University recently informed donors about the Blackbaud data breach. Donors were notified about the possibility of their personal information being compromised. At present, the exact number of organizations affected by the breach is unclear. However, a bunch of media organizations has reported that several nonprofits and higher education institutions are victims of the breach.

BBC reported that a minimum of 125 organizations is affected by the breach in the UK.

Blackbaud is an organization that delivers fundraising technology.

WBUR does not follow the practice of storing social security numbers, credit card information, or financial data; therefore, such type of sensitive information was not manipulated.

Details about the breach

A ransomware attack recently hit Blackbaud, one of the technology partners of WBUR and a technology firm that offers fundraising technology solutions with over 25,000 institutional clients all over the globe. The company notified its customers about the same.

As per a statement released by Blackbaud back in July, it “discovered and stopped a ransomware attack” in May 2020. The company also mentions that they had identified the attack in time and prevented hackers from blocking the system.

What was at stake?

Attackers managed to steal some data; however, the company explained that no credit card information, financial details, or social security number were compromised.

WBUR states, “We have determined that the files involved may have contained contact information, demographic data, and WBUR donor support details.”

What is the company doing?

To prevent any further damage, Blackbaud stated that the company paid threat actors as per their demand in order to gain confirmation that the copy of compromised data had been destroyed. The company did not disclose the value of the ransom.

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” Blackbaud said in a statement.

What is being done to ensure security?

Blackbaud has implemented several changes to prevent data from any subsequent incidents.