Wisconsin Evangelical Lutheran Synod

The Wisconsin Evangelical Lutheran Synod (WELS) experienced a ransomware attack in May 2020, disclosed on September 29, 2020, involving the third-party vendor Blackbaud. The breach exposed highly sensitive personal data, including names, dates of birth, financial account numbers, and Social Security Numbers (SSNs) of an undisclosed number of individuals. The attack targeted Blackbaud’s systems, which stored WELS’s donor and constituent records, leading to potential identity theft, financial fraud, or misuse of personal information. While the exact scale of the breach remains unknown, the compromised data’s nature particularly SSNs and financial details poses severe long-term risks for affected individuals. Blackbaud reportedly paid the ransom, but the incident underscores vulnerabilities in third-party data handling and the escalating threat of ransomware targeting organizations with sensitive personal records.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/8127c035-8f89-4db1-9c0e-3ec3891cf0b4.shtml

TPRM report: https://www.rankiteo.com/company/wels

"id": "wel205090625",
"linkid": "wels",
"type": "Ransomware",
"date": "5/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Religious',
                        'location': 'Wisconsin, USA',
                        'name': 'Wisconsin Evangelical Lutheran Synod (WELS)',
                        'type': 'Non-profit Religious Organization'},
                       {'industry': 'Technology',
                        'location': 'South Carolina, USA',
                        'name': 'Blackbaud',
                        'type': 'Third-Party Service Provider '
                                '(Cloud/Software)'}],
 'customer_advisories': 'Public notification issued on 2020-09-29',
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['Names',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_detected': '2020-05-01',
 'date_publicly_disclosed': '2020-09-29',
 'description': 'The Wisconsin Evangelical Lutheran Synod (WELS) reported a '
                'data breach involving Blackbaud on September 29, 2020. The '
                'breach, which was a ransomware attack that occurred in May '
                '2020, potentially exposed personal information including '
                'names, dates of birth, financial account numbers, and Social '
                'Security Numbers of individuals. The number of affected '
                'individuals is currently unknown.',
 'impact': {'data_compromised': ['Names',
                                 'Dates of Birth',
                                 'Financial Account Numbers',
                                 'Social Security Numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'payment_information_risk': 'High (Financial account numbers '
                                        'exposed)'},
 'ransomware': {'data_encryption': 'Likely (ransomware attack)',
                'data_exfiltration': 'Likely (data exposed)'},
 'references': [{'source': 'WELS Public Disclosure'}],
 'response': {'communication_strategy': 'Public disclosure on 2020-09-29'},
 'title': 'Wisconsin Evangelical Lutheran Synod (WELS) Data Breach via '
          'Blackbaud Ransomware Attack',
 'type': 'Data Breach (Ransomware)'}