Blackbaud Data Breach 2020
Are you worried about your personal data? Report it.
If you study at a non-profit institute in the US or the UK, or if you work at a non-profit organization, then probably you already know about the Blackbaud Data Breach. Blackbaud’s clients’ data were attacked. The attack was reportedly thwarted but not before a subset of data was stolen and held for ransom.
What is the Blackbaud Data Breach?
Blackbaud is a South Carolina based software company founded in 1981. They discovered an attack on their data systems in May 2020. Blackbaud, a company listed on the NASDAQ, designs and creates software products, designs and maintains websites and cloud services. They also provide consultancy, research, and data analytics services specifically for non-profit organizations.
Blackbaud helps non-profit organizations market their causes on the internet. They also provide platforms for fundraising campaigns, store and maintain fundraising databases. Their database stores confidential and private personal information of donors, employees, members, and beneficiaries of non-profit organizations. Personal information data includes: names, addresses, contact details, date of birth, social security numbers, credit card information, bank and payment details, student and employee numbers.
What exactly happened?
According to Blackbaud, the attack occurred sometime on February 7, 2020. To secure their systems, they assembled a team of cybersecurity and forensic experts. This team, in coordination with law enforcement specialists, was successful in thwarting the attack. Blackbaud disclosed details of the cyberattack to their users and clients in July 2020. They informed their users that the cyber-attackers copied a subset of data and held it for ransom. They assured their users that they had paid the demanded ransom to get the stolen user data destroyed.
Should you still be concerned?
Because of the pandemic, more and more people are relying on the internet for work and school as well as for shopping and accessing healthcare and other services. As the pandemic pushes more and more people to use the internet to buy, sell, transfer and donate funds. Consequently, the frequency of cyberattacks, data breaches and data theft have also increased. More than 7500 data breaches are reported each month, according to a California consumer protection agency.
The shock and concern of the clients and users of Blackbaud’s services is well imaginable. Anyone who has shared their personal details on a website managed by Blackbaud ought to be concerned. Concerned not just because of the violation of their sense of security. But more so because their trust in Blackbaud’s cybersecurity integrity was left in a lurch.
Breach of trust and loss of confidence
Blackbaud’s job was to keep data safe and they failed. Since Blackbaud’s reputation for cybersecurity has been tainted by this attack, it is a challenge to users how Blackbaud’s pronouncements can be trusted.
There must be several legit questions at the back of every user’s mind. Questions such as:
- Was Blackbaud actually successful in thwarting the attack as they have claimed?
- Can we be sure that the stolen user data has really been destroyed?
- Why did it take so long for Blackbaud to discover the data breach?
- Why did it take so long for Blackbaud to notify its users about the data breach?
- How can we, users, ever be sure that this type of attack will not happen again?
- How can users be sure that Blackbaud is doing as much as it says it is not only to restore its breached data systems but also to prevent future data breaches?
- Can users ever feel safe again?
Potential and future threats
The stolen data contained sensitive personal information of the users. A cyber-attacker could leverage such information to commit cybercrimes against the users. Cybercrimes like identity theft, phishing attacks among many others. Phishing attacks could cause more data breaches and data thefts.
It isn’t easy for a user to know whether their details have been used to create fictitious accounts. How would one know if any such account is going to be (or has already been) used to commit a crime. The users are justifiably concerned. Along with the risk of crimes, such as identity theft, they are also vulnerable to possible extortion. Someone in possession of the personal data stolen from this breach, could individually demand ransom individually from any of these users.
Personal vigilance may not be enough
Blackbaud issued letters to the users whose secured data may have been stolen as a part of this breach. The said letters assured the users that the threat has been thwarted and that there is nothing for them to do except to remain vigilant. They can report any suspicious activities they have observed to Blackbaud or to the non-profit organization. Although Blackbaud has not provided any guidance for its users on how they can minimize the threats to them resulting from this data breach.
How can you secure your personal data?
There are various steps users can take to prevent any criminal misuse of their stolen or leaked personal data. For instance, users can pay for identity theft monitoring services. They alert the users whenever someone attempts to use their email address or social security number to open a bank account or register for a credit card. There are credit card monitoring services as well – if anyone attempts to use a credit card number on the internet to purchase items, then the owner of the credit card will be alerted. These services cost money and the users who are the victims of the Blackbaud Data Breach should not be the one to pay for them.
Report the data breach
Has the Blackbaud Data Breach affected you in any way?
Have you received any notice saying your data has been compromised?
You should report it. Reporting will help hold Blackbaud accountable. Reporting the impact of the data breach on your life will help any investigation of this data breach. Your report may provide courts and other government agencies decide on Blackbaud’s liability to its users for the breach. Reporting can provide you access to resources to minimize any further threat to you from this data breach.
For any help you might need regarding the same, fill up the form to get in touch with a class action lawyer at https://classactionnews.com/ today.
