The New-York Historical Society suffered a data breach due to a ransomware attack on its third-party vendor, Blackbaud, in May 2020. The incident exposed the personal information of 2,748 individuals, including Social Security numbers, with 3 Maine residents among the affected. While the breach was reported to authorities, notifications to impacted individuals were delayed until December 22, 2020. As a remedial measure, the society offered 24 months of identity theft protection services to those affected. The attack originated from a vulnerability in Blackbaud’s systems, leading to unauthorized access and potential misuse of sensitive data. The delayed disclosure and the nature of the compromised information particularly SSNs, which are high-value targets for identity theft heighten the severity of the incident. The breach underscores risks associated with third-party vendor security lapses and the cascading impact on client organizations.
TPRM report: https://www.rankiteo.com/company/the-new-york-historical
"id": "the205090625",
"linkid": "the-new-york-historical",
"type": "Ransomware",
"date": "5/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '2,748 (including 3 Maine '
'residents)',
'industry': 'Museum / Cultural Institution',
'location': 'New York, USA',
'name': 'New-York Historical Society',
'type': 'Non-Profit Organization'},
{'industry': 'Technology / Cloud Services',
'name': 'Blackbaud (Third-Party Vendor)',
'type': 'Service Provider'}],
'customer_advisories': 'Written notifications sent (December 22, 2020) with '
'24-month identity theft protection offered',
'data_breach': {'number_of_records_exposed': '2,748',
'personally_identifiable_information': 'Yes (including SSNs)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Social Security Numbers']},
'date_detected': '2020-05-20',
'description': 'The Maine Office of the Attorney General reported that the '
'New-York Historical Society experienced a data breach '
'resulting from a ransomware incident reported by the '
'third-party vendor Blackbaud, occurring on May 20, 2020. '
'Approximately 2,748 individuals were affected, including 3 '
'Maine residents, with potential compromise of personal '
'information including Social Security numbers. Written '
'notifications were sent on December 22, 2020, and identity '
'theft protection services were offered for 24 months.',
'impact': {'data_compromised': ['Personal Information',
'Social Security Numbers'],
'identity_theft_risk': 'High (24-month identity theft protection '
'offered)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Written notifications sent to '
'affected individuals (December 22, '
'2020)',
'third_party_assistance': ['Blackbaud (disclosure)',
'Identity Theft Protection Provider']},
'title': 'New-York Historical Society Data Breach via Blackbaud Ransomware '
'Incident',
'type': 'Data Breach (Ransomware)'}