Criminals may have accessed private information from donors to at least 16 U.S. universities as part of a cyberattack on cloud computing company Blackbaud.
Hackers were unsuccessful in blocking access to Blackbaud files but did make a copy of a subset of data. Blackbaud paid a ransom to the criminals to destroy this information — a move that is not encouraged by many law enforcement agencies, as ransom payments are thought to encourage further attacks.
Many higher education institutions and nonprofit organizations use Blackbaud platforms to manage donor databases. Data such as donors’ names, addresses and past philanthropic history may have been accessed in the attack, but not credit card information, bank account information and Social Security numbers, as these data are encrypted by Blackbaud.
More than 200 organizations internationally are thought to be impacted by the security breach, which was discovered by the company in May. The company began making disclosures to customers in July, according to reporting by the BBC.