Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Blackbaud Says Bank Account Data, SSNs Impacted in Ransomware Incident

Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.

Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.

In June 2020, Blackbaud, which is mainly known for the fundraising suites employed by charities and educational institutions, but which also offers payment services, announced publicly that it managed to stop a ransomware attack, but not before some data was stolen.

At the time, the company admitted to paying ransomware operators so that they would delete the data exfiltrated during the attack, but said that no personally identifiable information (PII) or bank account details were compromised.

In a Form 8-K filing this week, the cloud software company said a subsequent investigation revealed that the attackers were able to access data related to bank accounts, social security numbers, and login credentials.

“After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible,” the company said.

Blackbaud said it took steps to inform the potentially impacted users in July, but that the new findings do not apply to all of those who were affected by the ransomware attack.

“Customers who we believe are using these fields for such information are being contacted the week of September 27, 2020 and are being provided with additional support,” Blackbaud noted in the filing.

The company also said that the investigation into the incident will continue, just as will security improvements to its systems. Customers, stockholders and other stakeholders will be informed of any new details that are uncovered during the investigation.

“Ransomware’s double jeopardy factor is an effective attack vector for cybercriminals in this situation. It exfiltrates valuable original research data and IP for later sale on the dark web while locking the authors out of files that could potentially contain 100s of hours of irreplaceable work,” Matt Lock, UK Technical Director at Varonis, said in an emailed comment.

Related: FBI Warns of NetWalker Ransomware Targeting Businesses

Related: UCSF Pays Cybercriminals $1.14 Million After Ransomware Attack

Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...