P2021-ND-005

Ridley College School

The Organization uses a third-party service provider, Blackbaud, who provides a CRM platform to manage information related to donors, students and alumni. On July 16, 2020, the Organization was advised by Blackbaud that cybercriminals accessed their system by using the credentials of a customer who was using Blackbaud?s self-hosted environment, and attempted a ransomware attack. The cybercriminal was able to bypass standard anti-virus controls, before detection. Blackbaud says that it successfully prevented the cybercriminal from fully blocking system access and encrypting files, and was able to expel the intruder. The cybercriminal was able to remove a copy of a subset of data from Blackbaud?s self-hosted environment, which included a copy of the Organization’s records.
? The incident occurred between February 7 and May 20, 2020.

File Type: pdf
Categories: 2021
Tags: Unauthorized access