DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The Blackbaud ransomware breach — impact on school clients

Posted on February 8, 2021 by Dissent

In July, 2020, cloud software firm Blackbaud announced that it had been the victim of a ransomware attack that began in February of 2020 and continued until Blackbaud was able to kick the attackers out of their system in May. In order to try to protect their clients from having personal and sensitive information on donors, students, or patients publicly dumped, Blackbaud paid the threat actors an undisclosed amount of ransom in exchange for assurances that the threat actors were destroying all copies of any data that had been exfiltrated.

From July until recently, Blackbaud continued to provide its clients with information as to what kinds of data the client had stored with Blackbaud. While DataBreaches.net has been tracking reports of American Blackbaud clients whose reports involved health information of patients or donors, Marco de Felice has been compiling information on foundations, hospitals, and now, in Part 3 of his series on the Blackbaud breach, educational institutions (k-12 and post-secondary).

Marco, who used freedom of information/public records requests of entities and government agencies in multiple countries, reports that he was able to identify 419 educational institutions (universities, colleges, K-12), but that 419 was only a partial number.  For those 419 entities, he had number of people affected for 172 of the entities, partial number of people affected for 87 of the entities, and no numbers for 160 of the entities.  All told, he could account for 7,674,140 people.

Given that there was very little overlap between his list of entities and DataBreaches.net’s list, it seems clear that American health-related entities who used Blackbaud for donor solicitation or donor relations management stored data on many more people than educational entities using Blackbaud’s services.  Specifically, while Marco reports less than 7.7 million people for more than 172 clients, DataBreaches.net tabulated 11,763,304 people for the 87 reports from American medical entities or health-related associations for which numbers had been reported.

In their desire to raise funds, are health-related entities storing too much personal and protected health information with business associates?

Marco has some suspicions about the Blackbaud incident, and readers may wish to read all three parts of his series on SuspectFile  to understand what he suspects and why. You can also follow him on Twitter @amvinfe.

 

Category: Breach IncidentsCommentaries and AnalysesEducation SectorHealth DataMalwareSubcontractor

Post navigation

← Experian says it is investigating if involved in Brazil data breach
Ziggy ransomware shuts down and releases victims’ decryption keys →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.