Clickability tracking pixel

Ohio Institutions Affected by Blackbaud Ransomware Attack

Several institutions in the state were indirectly affected by a ransomware attack against the global cloud software company Blackbaud. The company serves nonprofits, universities, foundations and other organizations.

by Cameron Fields, The Plain Dealer / August 25, 2020
Cleveland Botanical Garden TNS

(TNS) — Local institutions such as the Cleveland Museum of Natural History, Holden Forests and Gardens, the Cuyahoga Community College Foundation and Kent State University were indirectly affected by a recent ransomware attack on global cloud software company Blackbaud.

Each of the four organizations shared information with their constituents regarding the attack, after learning about it in July from Blackbaud, which serves nonprofit organizations, universities, foundations, healthcare institutions and other organizations.

Blackbaud serves local organizations differently.

At Holden Forests and Gardens, which oversees the Cleveland Botanical Garden and The Holden Arboretum, Blackbaud acknowledged that the attack may have removed information “such as first and last name, email address, mailing address, transaction amounts, and phone number” of members and guests.

The organization recommended that members watch their financial accounts for unauthorized activity and also suggested acquiring a free credit report.

The natural history museum uses Blackbaud’s software and servers for its point of sale system, said Gavin Svenson, of the museum’s IT department. This system involves ticketing, checking in guests and communicating with them.

The Cuyahoga Community College Foundation said in a release Aug. 6 that the “data removed may have contained contact information, demographic information, and a history of the relationship with our organization, such as donation dates and amounts.”

Kent State’s Division of Institutional Advancement manages alumni relationships and philanthropy. The division told constituents Aug. 3 to be aware of suspicious activity or possible identity theft. They also said to be mindful of calls and mail about donation requests.

Leigh Greenfelder, the assistant vice president of advancement communications, said the Division of Institutional Advancement has used Blackbaud’s ResearchPoint platform, which was attacked, for about 12 years.

“It’s very upsetting for us because first of all our alumni are very important to the university, and we certainly don’t want anything to be problematic for them,” Greenfelder said. “So we were disappointed to hear that. Also surprised that it took them so long to let us know, so that was upsetting because we of course want to let people know right away.”

Greenfelder said the division uses ResearchPoint to understand more about constituents.

“It is some basic information that we have in our database, and then ResearchPoint provides back other public information that’s out there essentially that we don’t have,” Greenfelder said. “So maybe things about their (constituents’) demographics, areas of interest. I guess the best way to describe it is they comb through and provide us with a little bit more information that’s publicly available.”

Some people wanted to confirm no bank information or social security numbers was taken. Others weren’t sure if they needed to change their password on a kent.edu email address.

Some asked to be taken off the Division of Institutional Advancement’s list. Greenfelder told people their financial or transcript history couldn’t be removed from the database, but they could be removed from marketing activities. She said the division is looking at new options for a third-party contractor.

The NonProfit Times reported the attack happened in February. Blackbaud noticed the attack in May, and independent forensics experts and law enforcement helped stop the hacker.

Before the hacker was removed from the system, they secured a copy of data. Blackbaud paid the ransom, but made sure the data was destroyed. No credit card information, social security numbers or bank account information was taken, Blackbaud said. Blackbaud declined to comment beyond its July statement.

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the company wrote.

©2020 The Plain Dealer, Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs