Blackbaud cyber attack: NABS Statement
NABS contacts’ details are held on a database provided by a company called Blackbaud. Blackbaud’s databases are used by charities and universities across the UK and the US.
Blackbaud recently suffered a cyberattack, which it managed to intercept.
At NABS we take our data protection responsibilities seriously. That’s why we’ve launched our own investigation into what happened, and why we’re sharing more details about what happened and what we’re doing about it.
Blackbaud contacted us on 16 July 2020 to say that they had experienced a ransomware attack in May 2020.
On discovering the attack, Blackbaud’s cybersecurity team, together with independent experts and the police, successfully stopped the criminal and shut them out of the system.
However, the criminal did remove a copy of some data before being locked out. Blackbaud asked for this copy to be destroyed in exchange for a ransom, which they paid.
A copy of the NABS database, containing information relating to our contacts and supporters, was involved in this incident. However, Blackbaud have assured us that they have no reason to believe that NABS’ data will be shared, made public or misused.
What is NABS doing about the situation?
We take your data protection very seriously.
Although we don’t believe that the current situation presents a risk to our community, we’re taking it extremely seriously.
As such, we’ve immediately launched our own investigation, including the following actions:
- Reporting the incident to the Information Commissioner’s Office (ICO);
- Asking Blackbaud to explain the delay between them discovering the incident and reporting it to us, and how they’ll increase their security from now on;
- Monitoring the situation closely, together with Blackbaud; and
- Writing to our database contacts and service users to explain the situation.
We’re as disappointed as you that this has happened, so we’re doing as much as we can as quickly as we can.