WFTS, a Tampa Bay syndicate of ABC, broke a story about a massive data breach and ransomware attack on Blackbaud, a widely used software and data management company. Cybersecurity specialist Gus Dimitrelos offered his expertise on the crisis and questioned the company’s transparency.
According to Dimitrelos, the company should have notified clients within 30 days of the attack. Breach notification requirements vary by state, but in Florida companies do in fact need to notify clients within 30 days. Dimitrelos is concerned that the data company waited too long to notify its clients about the breach, because it is unclear when the attack actually happened.
“It was on July 16 that we received an email from Blackbaud notifying us that a security breach had taken place,” said one client, Kevin Hughes, Vice President of Development for the New College Foundation in Sarasota.
According to the article, the majority of the financial information that was stolen was encrypted, but the cybercriminals will have access to information that could include the “…name, birthday, home address, phone number, email address, donation history and estimated net worth” of potential victims. The former Secret Service agent and specialist believes this was a concerted attack to obtain the data of wealthy clients.
Blackbaud issued a statement saying, “Because protecting our customers’ data is our top priority, we paid the cybercriminals’ demand with confirmation that the copy they removed had been destroyed.”
“If it wasn’t valuable, the company would have just not paid,” Dimitrelos said. He also believes that if the information wasn’t actually destroyed, it could be used for further attacks. The expert believes that this was a concerted attack to get information on the wealthy individuals in the data.
WFTS says, “Blackbaud has thousands of clients including Zoo Tampa, the Florida Aquarium, the Tampa Metropolitan Area YMCA, and the Boys and Girls Clubs of Tampa Bay.”
Many of Blackbaud’s clients are nonprofit organizations that have already taken financial hits because of the COVID-19 pandemic. Organizations are working to alert patrons of this cybercrime, and Blackbaud is now working with the FBI to figure out how and why this happened.