The ADA Foundation was among the nonprofit entities whose data was included in a data breach reported by Blackbaud, one of the Foundation’s former service providers. Blackbaud assured the Foundation that sensitive information such as social security numbers and credit card numbers were protected by encryption and was not breached.
Blackbaud, a cloud software company, notified the ADA Foundation of a ransomware attack on the Blackbaud platform, which hosts data for nonprofit fundraising entities such as colleges, universities, health care organizations, schools and other organizations. The ADA’s own IT servers and databases were not the subject of the incident.
Blackbaud reported that it discovered the incident in May and conducted an investigation. Blackbaud reported that it managed to lock out the cybercriminal, but before doing so, some backup files from Blackbaud’s system were accessed and extracted. Blackbaud paid a ransom to the cybercriminal after receiving credible confirmation that the extracted data obtained had been destroyed.
The cybercriminal accessed certain individuals’ full dates of birth, which were not encrypted. However, both the ADA Foundation and Blackbaud believe the risk of identity theft from a breach of full dates of birth is low.
For further details about the ADA Foundation’s response to this incident, visit the ADA Foundation website, or contact the ADA Foundation directly at firstname.lastname@example.org.
For more information about ransomware, visit the Federal Trade Commission Cybersecurity for Small Business: Ransomware web page.