On August 17, 2020, Blackbaud, Inc. suffered a ransomware attack that led to a data breach affecting the Phi Kappa Psi Foundation. The incident occurred between February 7, 2020, and May 20, 2020, compromising the personal information of 677 Washington residents, including names and dates of birth. The breach was disclosed by the Washington State Office of the Attorney General, highlighting the exposure of sensitive data due to the cyberattack. While Blackbaud reportedly paid the ransom to prevent further data leakage, the attack still resulted in unauthorized access to donor and constituent records managed by the company. The incident underscored vulnerabilities in third-party vendor security, as Blackbaud provides cloud-based software services to nonprofits, educational institutions, and other organizations. The breach raised concerns about the protection of personal data entrusted to such platforms, particularly when targeted by sophisticated ransomware operations.
TPRM report: https://www.rankiteo.com/company/phi-kappa-psi-fraternity
"id": "phi005091825",
"linkid": "phi-kappa-psi-fraternity",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '677',
'industry': 'Education / Fraternity',
'location': 'USA (Washington residents affected)',
'name': 'Phi Kappa Psi Foundation',
'type': 'Non-profit Foundation'},
{'industry': 'Software / Cloud Computing (Non-profit '
'services)',
'location': 'USA',
'name': 'Blackbaud, Inc.',
'type': 'Corporation (Third-party vendor)'}],
'data_breach': {'data_exfiltration': 'Likely (ransomware context)',
'number_of_records_exposed': '677',
'personally_identifiable_information': ['Names',
'Dates of Birth'],
'sensitivity_of_data': 'Moderate (Names, Dates of Birth)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2020-08-17',
'description': 'On August 17, 2020, the Washington State Office of the '
'Attorney General reported a data breach involving the Phi '
'Kappa Psi Foundation due to a ransomware attack at Blackbaud, '
'Inc. The breach occurred between February 7, 2020, and May '
'20, 2020, potentially affecting the personal information of '
'677 Washington residents, specifically including names and '
'dates of birth.',
'impact': {'data_compromised': ['Names', 'Dates of Birth'],
'identity_theft_risk': 'Potential (PII exposed)'},
'ransomware': {'data_encryption': 'Likely (implied by ransomware attack)',
'data_exfiltration': 'Likely'},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Attorney General'},
'title': 'Data Breach at Phi Kappa Psi Foundation via Blackbaud Ransomware '
'Attack',
'type': 'Data Breach (Ransomware)'}