Atlanta Botanical Garden

The Atlanta Botanical Garden (ABG) experienced a ransomware attack on its third-party vendor, Blackbaud, between February 7, 2020, and May 20, 2020. The breach was reported by the Maine Office of the Attorney General on November 13, 2020, revealing that Social Security numbers (SSNs) of 633 individuals were potentially compromised, including at least one Maine resident. While the attack targeted Blackbaud, ABG’s data was exposed due to the vendor’s vulnerability. In response, ABG is providing 24 months of credit monitoring services to affected individuals to mitigate risks of identity theft or financial fraud. The incident highlights the risks of third-party vendor vulnerabilities in supply chain attacks, where sensitive personal data such as SSNs can be exfiltrated by cybercriminals deploying ransomware. The breach underscores the need for robust cybersecurity measures, particularly when handling personally identifiable information (PII) through external partners.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/57b6df47-965a-4b39-89b1-e3f6b29d6b17.shtml

TPRM report: https://www.rankiteo.com/company/atlanta-botanical-garden

"id": "atl1011090725",
"linkid": "atlanta-botanical-garden",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 633,
                        'industry': 'cultural/educational (botanical garden)',
                        'location': 'Atlanta, Georgia, USA',
                        'name': 'Atlanta Botanical Garden (ABG)',
                        'type': 'non-profit organization'},
                       {'industry': 'software/technology (cloud computing for '
                                    'non-profits)',
                        'name': 'Blackbaud',
                        'type': 'third-party vendor'}],
 'customer_advisories': 'credit monitoring services offered (24 months)',
 'data_breach': {'number_of_records_exposed': 633,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['Social Security numbers']},
 'date_detected': '2020-05-20',
 'date_publicly_disclosed': '2020-11-13',
 'description': 'On November 13, 2020, the Maine Office of the Attorney '
                'General reported a data breach incident involving the Atlanta '
                'Botanical Garden (ABG) related to a ransomware attack on its '
                'third-party vendor, Blackbaud. The incident occurred between '
                'February 7, 2020, and May 20, 2020, potentially affecting the '
                'Social Security numbers of 633 individuals, with one Maine '
                'resident’s information identified. ABG is offering credit '
                'monitoring services for 24 months to potentially affected '
                'individuals.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'high (Social Security numbers exposed)'},
 'references': [{'date_accessed': '2020-11-13',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'credit monitoring services offered '
                                        '(24 months)'},
 'title': 'Ransomware Attack on Atlanta Botanical Garden via Third-Party '
          'Vendor Blackbaud',
 'type': 'ransomware'}