Blackbaud: Bank details and passwords at risk in giant charities hack

By Leo Kelion
Technology desk editor

Image caption: Blackbaud’s software is used by non-profit organisations to help obtain donations

Bank account information and users’ passwords are among details feared stolen by hackers in a security breach at a service used to raise donations from millions of people.

Many UK universities and charities, as well as hundreds of other organisations worldwide, use the software involved.

Its developer Blackbaud made the admission in a regulatory filing.

The firm had previously said the theft had been limited to other personal data, but not payment details.

It added it was contacting affected clients. They, in turn, may need to send follow-up alerts to at least some of the donors they had already contacted about the incident.

Millions of people worldwide were warned they might have been affected in the original alerts sent out about the attack over recent months.

‘Not acceptable’

The South Carolina-based company said the new findings did not apply to all clients affected by the hack, but acknowledged that, in some cases, the payment information involved had not been digitally scrambled, as might have been expected.

“Additional forensic investigation discovered that for some of the notified clients, the cyber-criminal could have accessed some unencrypted fields intended for bank account information, social security numbers, user names and/or passwords,” its filing said.

Image caption: Dozens of universities have sent emails and other alerts to current students and alumni about the attack

“Typically, fields intended for sensitive information were encrypted and not accessible.”

An updated security notice on the firm’s website added that the firm did not believe credit card details had been exposed.

One cyber-security expert said it was essential that affected donors be informed as quickly as possible.

“It is simply not acceptable to store financial data, and passwords, in an unencrypted form,” said Prof Alan Woodward from the University of Surrey.

“This latest revelation means that while their customers relied upon their initial statements to reassure those that banking information was not affected, that has now to be doubtlessly reversed.”

Legal claims

The BBC has asked Blackbaud if any of its UK-based clients were among those affected but has yet to get a response.

In mid-August, the Information Commissioner’s Office said it knew of 166 UK organisations that had been affected by the security breach.

They included dozens of universities as well as health-related charities, schools and trusts set up to look after historic buildings.

International clients who were affected also included hospitals, human rights organisations, non-profit radio stations and food banks.

The hack occurred in May and was first disclosed to the public in July.

At the time, Blackbaud said it had paid the attackers a ransom and believed the thieves had subsequently destroyed the stolen data.

Paying a ransom in such circumstances is not illegal, but goes against the advice of numerous law enforcement agencies, including the FBI, NCA and Europol.

A banking security news site reported last week that Blackbaud faces at least 10 lawsuits in the US over the matter.
