Blackbaud Faces Criticism for Paying Ransom in Data Breach

Aug 10, 2020

Every organization, no matter how noble its cause, is at risk of a data breach. Blackbaud, a cloud computing provider that focuses on serving the social good community – including non-profits, educational institutions, healthcare organizations and religious organizations – reports encountering millions of cyberattacks every month. While the company implements proactive security measures to prevent, detect and eliminate cyber threats, it recently discovered a successful ransomware attack that exposed some of its client data.

The Blackbaud clients affected in the data breach are educational and non-profit organizations such as the University College Oxford, the University of London, Human Rights Watch and Young Minds, to name a few. Law enforcement, forensic experts and Blackbaud’s own security team managed to stop the attack. However, the cybercriminals still managed to remove a copy of a subset of data from Blackbaud’s self-hosted environment that included names, student IDs, contact information and other personal information.

Blackbaud officials said no Social Security numbers or payment information were exposed during the breach. They did confirm they paid an undisclosed ransom to have the stolen data destroyed by the cybercriminals.

Critics are questioning whether giving in to the cybercriminals’ demands is an effective way to deal with them.

Is rewarding cybercriminals for successfully stealing company data an effective solution?

In this case, Blackbaud officials said they bought “peace of mind” by paying for stolen data to be destroyed. However, critics have said this might make Blackbaud an easy target for future attacks. They added that it also essentially creates a “demand” for hackers.

 


©2020 IDIQ® provider of MyScoreIQ® services | All Rights Reserved