Blackbaud under investigation following breach revelations, LogRhythm comments
October 2020 by LogRhythm
Following a ransomware attack in May, Blackbaud has done a U-turn on its earlier claims and confirmed that threat actors were able to access unencrypted fields intended for bank account details, login credentials and social security numbers belonging to some customers. The attack impacted at least 125 organisations in the UK, including the National Trust, mental health charity Young Minds, terminal illness charity Sue Ryder, and homeless charity Crisis. The list of affected universities includes Newcastle University, De Montfort University, King’s College London (KCL), University of York, University of Exeter and University of London.
Blackbaud – which is yet to provide specific information on how many of its customers were impacted – is now facing an investigation in the UK over its handling of customer data and five class action lawsuits have already been filed against the firm. Andrew Hollister, head of LogRhythm labs, comments on this latest development:
“Despite rapidly shutting down the cyber-attack earlier this year, Blackbaud is still experiencing significant and concerning aftershocks following further forensic investigation in to the original attack. While Blackbaud paid the ransom in agreement that the attackers will destroy their copy of the data, there is very little reassurance that the stolen customer data is still not in the hands of a cybercriminal. Now that the exact nature of that data is starting to become clear, those directly impacted by the breach must up their vigilance to prevent further targeted attacks as this is an extremely lucrative haul for hackers.”
“For many breached organisations, the actual intrusion is just the beginning of what can be an extremely long, public and damaging ‘aftermath’. Blackbaud is no different and, as a result of not fully understanding the nature of its original breach, it is now faced with even further uncertainty, regulatory investigation, litigation – and ultimately, added reputational damage. We’ve seen various reports over the last couple of weeks, including a warning to academia from the NCSC, calling out ransomware as an increasing threat to organisations right now, particularly those offering critical services such as healthcare and education. Organisations must ensure that they are taking the relevant steps to prevent ransomware infections at the earliest stage – from patching vulnerabilities to creating and securing backups – in addition to preparing a response plan and prioritising educational training for their users. All organisations holding sensitive data should take a proactive approach to investing in cybersecurity solutions that automatically detect malicious behaviour and enable network infrastructure to block any further access attempts. With so many of our transactions and interactions happening online right now, the gloves really are off for cybercriminals, and now is the time to review and ramp up ransomware detection and prevention strategies.”