“Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
Read next: Ransomware attacks are increasingly involving data theft
However, since this statement, one class action lawsuit filed against Blackbaud in California on September 11, suggests that the perpetrators did in fact access private information, and that the cyber services provider was “unacceptably cagey with regards to the specifics” of the breach, according to a ClassAction.org report.
Lawsuits aside, one thing is clear. The Blackbaud breach, which impacted Ambrose University in Alberta, is a good example of third-party cyber supply chain risk. Candid Wüest, vice president of cyber protection research at Acronis, commented: “We’ve been talking about supply chain and third-party cyber risk for…
