Blackbaud Hack – One More Ransomware Attack

by | Dec 11, 2022

Hackers are getting smarter day by day. Every day we are hearing the news on breaches or cyberattacks on a small scale or a mass scale. Last month we have heard of the Twitter attack and this time it’s a ransomware attack on Blackbaud, a US-based company – the largest provider of CRM.

Blackbaud is the largest provider of education, administration, fundraising, and financial management software platform.

Blackbaud was hacked in May 2020. Blackbaud released a statement that before locking cybercriminals out, the cybercriminals copied some of the data from their self-hosted environment.

As per the reports published by BBC, stolen data included phone numbers, donation history, and events attended. Payment details like credit cards do not appear to have been exposed. And also the data is not limited to former students who were financially supporting the institution but also to its staff, existing students, and other supporters.

Which organizations are affected by the Blackbaud hack?

As per BBC reports educational institutions which are affected are:

  1. University of Birmingham, De Montfort University
  2. University of Strathclyde
  3. University of Exeter
  4. University of York
  5. Oxford Brookes University
  6. Loughborough University
  7. University of Leeds
  8. University of London
  9. University of Reading
  10. University College, Oxford
  11. Middlebury College, Vermont
  12. West Virginia University
  13. New College of Florida
  14. Cheverus High School: Catholic High School Portland
  15. The Bishop Strachan School, Canada
  16. University of North Florida
  17. Ambrose University, Alberta, Canada
  18. Rhode Island School of Design, US

Non-Profit organizations such as charities are affected:

  1. Choir with No Name
  2. Vermont Foodbank
  3. Vermont Public Radio
  4. Northwest Immigrant Rights Project
  5. Human Rights Watch
  6. Young Minds
  7. National Trust
  8. Wallich and Crisis
  9. Sue Ryder

As per the BBC, UK’s ICO has informed that 125 organizations had reported to it for the Blackbaud attack. Maybe many more charities or educational organizations may have been affected.

How Privacy Law is affected and its impact?

Under General Data Protection Regulation (GDPR), organizations must report a significant breach to a relevant supervisory authority within 72 hours of becoming aware of the breach or face potential fines. There will be 2 levels of fines based on the breach. The minimum fine is up to €10 million or 2% of the company’s company’s global turnover and the maximum fine is up to €20 million or 4% of the global turnover

If a breach has a significant impact then the organization must notify the Information Commission Officer (ICO) within 24 hours. And also notify the users if they are likely to be affected.

Blackbaud informed The UK’s ICO and Canadian data authorities about the data breach at least 8 weeks after discovering the cyber-attack. This means a clear violation of the GDPR.

The GDPR applies in this case because UK students are among those affected, and they are still covered by all the regulations until the Brexit transition ends on 31st Dec 2020.

All the institutions are sending emails & letters apologizing to those on the compromised breaches.

Actions taken by Blackbaud:

As per the reports Blackbaud has paid undisclosed ransom demand to save the customer’s data. After this, they released a statement that they have paid the hackers, and hackers confirmed that the data they had has been destroyed.

Paying the ransomware money is not illegal in the US & UK but it is against the advice of numerous law enforcement agencies such as the FBI, NCA, and Europol.

Blackbaud also said that it is working with law enforcement agencies and 3rd party investigators to check whether the data is on the dark web.

But questions persist about ransomware attacks and whether can you trust a cybercriminal.


Ransomware gangs are now focussing on corporate networks, where they get an initial foothold and steal the victim’s data before encrypting the local files. Victims are then forced to pay a ransom demand- either for unlocking or decrypting the files or for preventing their stolen data from being published on the internet.

Ransomware attacks are on the rise, especially as the Covid-19 pandemic continues. As part of due diligence before working with any provider, you should check that the provider must have adequate technical and organizational measures in place to defend against a ransomware attack.

How to get Microsoft Defender Health on Mac Fleet

Managing Macs for multiple companies gives us the opportunity to work in various environment and detect issues where it occurs first & then implement a solution for all others at the same time. Recently there was a requirement to find if there are MDD instances...

Implementing Machine Learning in IT Support Setup

Machine learning has the potential to revolutionize the way IT support businesses operate. This cutting-edge technology can be applied in a number of ways to improve the efficiency, accuracy, and speed of IT support services. Here are some ways that machine learning...

Benefits of Apple Business Managers

Apple Business Manager is a web-based platform designed to streamline the process of purchasing, deploying, and managing Apple devices within a business organization. It allows IT administrators to manage and distribute Apple devices and apps to their employees,...

Adoption of Macs in Enterprise: A Growing Trend

This image belongs to In recent years, there has been a growing trend of enterprises adopting Macs as their primary desktop and laptop computers. This shift in technology can be attributed to several factors, including...

ESG as future of IT

ESG, or environmental, social, and governance, is becoming increasingly important in the field of IT. As technology continues to advance and play a larger role in our daily lives, companies are being held to higher standards in terms of their impact on the environment...

Secure Your Mac with FileVault

FileVault is a built-in encryption tool for Macs that helps protect your data from unauthorized access by encrypting your hard drive. Enabling FileVault is a simple process that only takes a few minutes, and it can give you peace of mind knowing that your data is safe...

Is outsourcing IT to India is better or keeping it inhouse?

There are pros and cons to both outsourcing IT services to India and keeping IT within the company. Ultimately, the decision to outsource or keep IT in-house will depend on the specific needs and goals of the company, as well as the resources and capabilities...

How to be a good SCRUM Master

In an Agile development team, the Scrum Master is a crucial role that helps the team to work effectively and efficiently. A Scrum Master is responsible for facilitating the team's use of the Scrum framework and ensuring that the team is able to deliver high-quality...

Basics of Enterprise Patch Management

Enterprise patch management is the process of ensuring that all the software and applications within an organization are kept up-to-date with the latest patches and updates. This is important because software and applications are constantly being improved and updated...

Cost saving for enterprises by choosing M1 Macs

The M1 Mac has had a significant impact on the enterprise market since its release. As a highly-efficient and powerful machine, the M1 Mac has proven to be a valuable asset to businesses in a variety of industries. One of the key benefits of the M1 Mac is its improved...

CRM Is A Process, Not A Product! How Can We Make CRM A Successful Tool?

CRM (Customer Relationship Management) is software that allows businesses to manage business relationships and information associated with them. It provides a platform that manages interactions with customers, stores information about them, and automates processes...


Digital Workplace Services

Automated Tasks

 Office IT Support

Intune for Win & Mac

Citrix Virtual Apps

Mac Win iOS Android

Mac & Win Trained