Every organization, no matter how noble its cause, is at risk for data breach threats. Blackbaud, a cloud computing provider that focuses on serving the social good community – including non-profits, educational institutions, healthcare organizations and religious organizations – reports encountering millions of cyberattacks every month. While the company implements proactive security measures to prevent, detect and eliminate cyber threats, it recently discovered a successful ransomware attack that exposed some of its client data.
The Blackbaud clients affected in the data breach are educational and non-profit organizations such as the University College Oxford, the University of London, Human Rights Watch and Young Minds, to name a few. Law enforcement, forensic experts and Blackbaud’s own security team managed to stop the attack. However, the cybercriminals still managed to remove a copy of a subset of data from Blackbaud’s self-hosted environment that included names, student IDs, contact information and other personal.
Blackbaud officials said no Social Security numbers or payment information were exposed during the breach. They did confirm they paid an undisclosed ransom to have the stolen data destroyed by the cybercriminals.
Critics are questioning whether giving into the cybercriminal’s demands is an effective way to deal with cybercriminals.
Is rewarding cybercriminals for successfully stealing company data an effective solution?
In this case, Blackbaud officials said they bought “peace of mind” by paying for stolen data to be destroyed. However, critics have said this might make Blackbaud an easy target for future attacks. They added it also is essentially creating a “demand” for hackers.