P2021-ND-319

On October 15, 2020, the Organization?s former third-party service provider, Blackbaud, advised that it had been subject to a ransomware attack in May 2020. As part of that incident, data was exfiltrated from Blackbaud?s systems. The Organization had previously engaged with Blackbaud as a service provider to process donations and store and manage donor, volunteer and supporter information, but had changed suppliers prior to this incident. Unfortunately, Blackbaud did not delete the Organization?s information and so it was affected in the incident. Blackbaud advised that the data that had been exfiltrated from its systems included a file containing the back-up to the Organization?s donor database. Blackbaud investigated and also said that it received confirmation from the perpetrators that the data that was removed was destroyed. Investigations by law enforcement and external IT forensics experts retained by Blackbaud have found no evidence that data has been shared, misused or made public.

File Type: pdf
File Size: 644 KB
Categories: 2021