Donors to the BC Cancer Foundation are now receiving a disturbing message from Sarah Roth, the president and CEO of the organization.
The fundraising arm of BC Cancer is the latest charitable organization to be hit by cybercriminals who succeeded in a sweeping attack on Blackbaud, a software company that provides cloud services to health, faith, and healthcare charitable foundations around the world.
A growing number of high profile fundraising organizations are now alerting donors that their personal information (but not credit card information) has been compromised. The Washington Post wrote about one such organization – the George Bush Presidential Library – here.
Ransoms have been paid.
The ransomware attack occurred in May, but donors are only learning of this now through emails.
Besides BC Cancer, other charitable entities are now alerting donors, among them the Centre for Addiction and Mental Health in Toronto, Western University in London, and the Jewish National Fund (Canada). American news outlets have identified over 100 charitable organizations that have been affected.
Last year, 15 million Canadians in two provinces – Ontario and B.C. – were affected by a similar attack on LifeLabs. Coincidentally, news today revealed that LifeLabs is in court trying to block information from being released about security lapses that permitted the attack.
Readers of this post will be hearing more about the attacks in coming days but I wanted to immediately post the information in emails to BC Cancer Foundation donors here:
In a statement that almost downplays the cybercrime attack, Blackbaud reported the security breach on its website, stating:
“The Cybercrime industry represents an over trillion-dollar industry that is ever-changing and growing all the time—a threat to all companies around the world. Like many in our industry, Blackbaud encounters millions of attacks each month, and our expert Cybersecurity team successfully defends against those attacks while constantly studying the landscape to stay ahead of this sophisticated criminal industry. We wanted to notify our customers and other stakeholders about a particular security incident that recently occurred.
In May of 2020, we discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system. Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers.
Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. This incident did not involve solutions in our public cloud environment (Microsoft Azure, Amazon Web Services), nor did it involve the majority of our self-hosted environment. The subset of customers who were part of this incident have been notified and supplied with additional information and resources. We apologize that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”