Hispanic Association of Colleges and Universities

The Hispanic Association of Colleges and Universities (HACU) was impacted by a ransomware attack on Blackbaud, Inc., a third-party service provider. The breach occurred between February 7, 2020, and May 20, 2020, but HACU was only notified on July 16, 2020. Unauthorized actors gained access to Blackbaud’s systems and exfiltrated backup files containing personal information, including names and Social Security numbers of HACU’s constituents. The stolen data posed significant risks, such as identity theft and financial fraud. HACU began notifying affected individuals nearly a year later, on April 6, 2021, highlighting delays in breach disclosure. The attack underscored vulnerabilities in third-party vendor security and the prolonged exposure of sensitive data before mitigation actions were taken.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/a24669a3-2561-438d-aa92-0d14967152d7.shtml

TPRM report: https://www.rankiteo.com/company/hispanic-association-of-colleges-and-universities

"id": "his551091725",
"linkid": "hispanic-association-of-colleges-and-universities",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'education',
                        'location': 'Texas, USA',
                        'name': 'Hispanic Association of Colleges and '
                                'Universities (HACU)',
                        'type': 'non-profit organization'},
                       {'industry': 'software (cloud computing, education, '
                                    'nonprofit)',
                        'location': 'South Carolina, USA',
                        'name': 'Blackbaud, Inc.',
                        'type': 'corporation'}],
 'customer_advisories': 'Notification letters mailed to affected individuals '
                        '(starting April 6, 2021)',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['backup files'],
                 'personally_identifiable_information': ['names',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2020-05-20',
 'date_publicly_disclosed': '2020-07-16',
 'description': "The Texas Attorney General's Office reported that the "
                'Hispanic Association of Colleges and Universities (HACU) was '
                'notified by Blackbaud, Inc. on July 16, 2020, about a '
                'ransomware attack that occurred between February 7, 2020, and '
                'May 20, 2020. The attack involved unauthorized access to '
                "Blackbaud's systems, resulting in the theft of backup files "
                'containing personal information, including names and Social '
                'Security numbers of some constituents. HACU began mailing '
                'notification letters to affected individuals on April 6, '
                '2021.',
 'impact': {'data_compromised': ['names', 'Social Security numbers'],
            'identity_theft_risk': 'high',
            'systems_affected': ['backup files']},
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': "Texas Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': ['Texas Attorney '
                                                        "General's Office"]},
 'response': {'communication_strategy': 'Notification letters mailed to '
                                        'affected individuals (starting April '
                                        '6, 2021)'},
 'title': 'Ransomware Attack on Blackbaud Affecting Hispanic Association of '
          'Colleges and Universities (HACU)',
 'type': 'ransomware'}