On July 16, data management services provider Blackbaud told the Bush Center it had stopped a ransomware attack in May but that the perpetrators “removed a copy of some of the Bush Center’s data regarding donors and other contacts,” the center said in a news release.
“According to Blackbaud, any Social Security numbers or payment card information contained in the affected systems were encrypted and the decryption keys were not compromised,” the center wrote. “However, there was unencrypted, less sensitive information obtained, such as name, birth date, physical and email addresses, telephone numbers, gender and giving history.”
Blackbaud told the center that it “paid a ransom to the attackers in order to obtain confirmation that the compromised unencrypted information has been destroyed.”
“To date, there is no indication that any of the compromised unencrypted information is subject to further disclosure or misuse, and given the intent of the criminals to obtain the payment of the ransom, the Bush Center does not believe there is a high risk that the unencrypted information would be used for other purposes,” the center added.
A number of organizations in the United Kingdom in recent days have said they also were affected by the attack. Blackbaud put out a blog post on the breach a few weeks ago without naming the affected parties, saying the company believes the stolen files were deleted by the hackers.
Both public and private figures have faced data hacks of late, raising widespread concerns about security for both personal information and election integrity.