Security News > 2020 > October > Blackbaud Says Bank Account Data, SSNs Impacted in Ransomware Incident
Documents filed by cloud software provider Blackbaud with the United States Securities and Exchange Commission this week reveal that bank account details and social security numbers might have been affected in a ransomware attack earlier this year.
At the time, the company admitted to paying ransomware operators so that they would delete the data exfiltrated during the attack, but said that no personally identifiable information or bank account details were compromised.
In a Form 8-K filing this week, the cloud software company said a subsequent investigation revealed that the attackers were able to access data related to bank accounts, social security numbers, and login credentials.
"After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible," the company said.
Blackbaud said it took steps to inform the potentially impacted users in July, but that the new findings do not apply to all of those who were affected by the ransomware attack.