Blackbaud alerts customers after ransomware attack

Software company Blackbaud has notified a group of customers whose data was stolen in a cyberattack and has supplied them with additional information and resources. 

“Based on the nature of the incident, our research, and third-party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the South Carolina-based company said.

“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.” 

Blackbaud, which specialises in supplying cloud fund raising and accounting software to charities, not-for-profit organisations and others promoting social good, was commenting after discovering and stopping the ransomware attack. 

The company’s own cyber security team, independent forensics experts and law enforcement, prevented the cybercriminal from blocking access to Blackbaud’s system to fully encrypt files and expel them. 

However, before the attacker was locked out, the cybercriminal removed a copy of some data from Blackbaud’s self-hosted environment.

“The cybercriminal did not access credit card information, bank account information or social security numbers,” the company said, adding the incident did not involve the majority of its self-hosted environment nor its public cloud offerings via Microsoft Azure and Amazon Web Services.

The company prefaced its comments by saying: “Like many in our industry, Blackbaud encounters millions of attacks each month and our expert cyber security team successfully defends against those attacks while constantly studying the landscape to stay ahead of this sophisticated criminal industry.”


Catch the replays and discover the best talks from Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.