Hackers may have gotten access to individuals’ bank and Social Security information in a ransomware attack over the summer on a data storage and software provider that serves dozens of Texas nonprofits and universities.
“After July 16, further forensic investigation found that for some of the notified customers, the cybercriminal may have accessed some unencrypted fields intended for bank account information, Social Security numbers, usernames and/or passwords,” Blackbaud Inc. disclosed in a regulatory filing this week. “In most cases, fields intended for sensitive information were encrypted and not accessible.”
In an updated notice on its website, Blackbaud said that its new findings “do not apply to all customers who were involved in the incident” and that it had contacted potentially affected customers.
“We sincerely apologize that this happened and will continue to partner closely with our customers as we jointly navigate this cybercrime incident,” Blackbaud said in a statement on its site.
In August, the company had said that the hackers didn’t have access to credit card information, bank account information or Social Security numbers. At the time, affected organizations told their donors and others that hackers may have acquired only personal information including names, titles, dates of birth, phone numbers and email addresses.
South Carolina-based Blackbaud, which operates a hub in Austin, is one of the world’s largest cloud-based data storage and software providers for colleges and nonprofits. Blackbaud reported $900 million in revenue and more than 45,000 global customers last year.
The company notified clients and investors of the ransomware attack on July 16, two months after the company said it had learned about it.
In August, the George W. Bush Presidential Center, Boy Scouts of America, the Communities Foundation of Texas, the Texas Tech Foundation and the University of Texas at Austin all notified donors that they were a on a growing list of organizations affected by a ransomware attack.
The attack affected as many as 1,500 nonprofit clients of Blackbaud, the Communities Foundation of Texas told donors in August. Irving-based Boy Scouts of America alone has an alumni network of 50 million people, according to its site.
The extent of the attack is still being revealed. Last week, the University of Dallas notified its backers that it had also been affected by the hack.
Blackbaud said in the filing that it was continuing its investigation “for the foreseeable future.”