Ransomware is a type of software designed to lock an information servers or data and prevent it from being used by the host organization unless a payment is paid, often in the form of a cryptocurrency such as bitcoin. In this case, an unspecified amount was paid by a
The
Blackbaud did not respond to requests for further information about how many of its Canadian clients were affected but its website lists several Canadian foundations affiliated with hospitals, charities and not-for-profit organizations.
But CAMH and Western noted in their communications that the attacker would have had access to individual names, dates of birth, contact information, donations or engagement with the fundraising organizations — information that can be bought and sold by criminal organizations around the world.
"In addition to notifying all potentially affected parties directly, we are working closely with Blackbaud to understand why this happened, what data was impacted, and what actions they are taking to increase their security," the CAMH letter said.
"While this did not affect the Foundation's IT systems and infrastructures, we wish to assure you that we have robust protocols in place, and are continually keeping up with industry standards, including testing the security of our internal systems to be assured that the information we host is secure."
CAMH said in a statement Thursday it would issue further updates if the situation evolves.
A request for more information from Western was referred to its media department but there was no immediate response Thursday.
A notice it sent last week said the university had notified privacy officials and recommended that donors contact local law enforcement if they see any suspected identity theft or other suspicious use of their personal information.
Western also said it had suspended the use of Blackbaud "for the time being" while it investigated the incident.
Blackbaud officials said Thursday during a regular quarterly conference call with analysts that its own security personnel and outside experts include law enforcement have found no has no reason to believe any data went beyond the cybercriminal or will made available publicly.
"I'd like to just like to apologize on behalf of Blackbaud for the incident," said CEO and president
Blackbaud is a well-established company that generated
This report by
© 2020 The Canadian Press. All rights reserved., source