Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission (SEC) this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.
In June 2020, Blackbaud, which is mainly known for the fundraising suites employed by charities and educational institutions, but which also offers payment services, announced publicly that it managed to stop a ransomware attack, but not before some data was stolen.
At the time, the company admitted to paying ransomware operators so that they would delete the data exfiltrated during the attack, but said that no personally identifiable information (PII) or bank account details were compromised.
In a Form 8-K filing this week, the cloud software company said a subsequent investigation revealed that the attackers were able to access data related to bank accounts, social security numbers, and login credentials.
“After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible,” the company said.
Blackbaud said it took steps to inform the potentially impacted users in July, but that the new findings do not apply to all of those who were affected by the ransomware attack.
“Customers who we believe are using these fields for such information are being contacted the week of September 27, 2020 and are being provided with additional support,” Blackbaud noted in the filing.
The company also said that the investigation into the incident will continue, just as will security improvements to its systems. Customers, stockholders and other stakeholders will be informed of any new details that are uncovered during the investigation.
“Ransomware’s double jeopardy factor is an effective attack vector for cybercriminals in this situation. It exfiltrates valuable original research data and IP for later sale on the dark web while locking the authors out of files that could potentially contain 100s of hours of irreplaceable work,” Matt Lock, UK Technical Director at Varonis, said in an emailed comment.
Related: FBI Warns of NetWalker Ransomware Targeting Businesses
Related: UCSF Pays Cybercriminals $1.14 Million After Ransomware Attack
Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack