Cloud biz Blackbaud admits ransomware crims may have captured folks' bank info, months after saying that everything's fine
2020-10-01 20:59

Blackbaud, the cloud CRM provider whose execs bought off ransomware crooks in exchange for a pinky promise that stolen data would not be misused, has now confessed that customers' bank account information may have been taken from its servers by the criminals.

In a US stock market 8-K filing [PDF], Blackbaud admitted the ransomware infection in May potentially resulted in miscreants making off with banking details.

The filing, signed by Blackbaud CFO Tony Boor, said: "After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible."

That is the clear opposite of statements it made two months after the hack, when Blackbaud said: "The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed."

In July Blackbaud belatedly remembered to tell the world that the ransomware attack, data theft, and subsequent buying-off of crooks had taken place in May. In the following month, as breach notifications percolated through charities and educational institutions, chief exec Michael Gianoni airily boasted to financial analysts that the company had "Stopped" the ransomware.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/01/blackbaud_ransomeware_data/