Blackbaud ransomware hackers could access unencrypted banking data and login credentials

Blackboard had originally claimed such data was protected

Cloud services provider Blackbaud has confirmed that threat actors who carried out ransomware attack in May were able to access unencrypted fields intended for bank account details, login credentials and social security numbers belonging to some customers.

In an 8K filing with the US Securities and Exchange Commission on Wednesday, the company said that a forensic probe into the security cyber had revealed that the attackers were able to gain access to more data than was initially believed.

However, according to Blackbaud, the fields intended for sensitive data were not accessible in most cases.

"These new findings do not apply to all customers who were involved in the security incident," it said.

"Customers who we believe are using these fields for such information are being contacted the week of September 27, 2020 and are being provided with additional support."

The forensic investigation into security incident is still ongoing and Blackbaud will inform its customers and other stakeholders of any information worth sharing with them.

The cyber incident occurred in May, although it was publicly revealed only in July after the company said on its website that it had paid a ransom to the hackers.

Blackbaud said its security teams blocked the hackers after detecting the cyber attack, although they had already stolen a "copy of a subset of data" by that time. The company claimed at the time that no payment card or bank account details were compromised in the incident.

The Information Commissioner's Office (ICO) told the BBC in July that 125 British organisations, had contacted it in relation to the data breach. The organisations affected in the incident included dozens of educational institutions, charities, foundations, and non-profits. Some prominent names included the National Trust, mental health charity Young Minds, homeless charity Crisis, and terminal illness charity Sue Ryder.

Many organisations in the US, Canada and the Netherlands were also affected.

Blackbaud faces an investigation in the UK for possible violation of regulations regarding handling of customer data. Five class action lawsuits have been filed in the US against the firm by both non-profits and individual donors.

Blackbaud officials have yet to provide specific information regarding how many of its customers in 100 countries were impacted in the incident. The company has repeatedly said that only a small percentage of its total customers were affected.

The news comes as the researchers from IBM Security X-Force Incident Response team said this week that the incidents of ransomware attacks continued to rise in the second quarter of 2020, with a noticeable jump in June.

According to IBM researchers, ransomware groups are putting a great deal of work into updating their tools and techniques, to match the improvements that private firms have been making to recover from ransomware attacks - a continuation of the ongoing cyber arms race.

Sodinokibi attacks accounted for one in three ransomware incidents that IBM has responded to so far in 2020. The researchers estimate that hackers using the Sodinokibi ransomware have received at least $81 million in payouts this year alone.