YouthCare

On September 11, 2020, YouthCare, a nonprofit organization serving homeless youth, fell victim to a ransomware attack via its third-party vendor, Blackbaud. The breach occurred between February 7, 2020, and May 20, 2020, compromising the personal data of 3,410 Washington consumers. The exposed information included names, dates of birth, and contact details, though no financial or highly sensitive records (e.g., Social Security numbers) were reported as stolen. The attack was part of a broader campaign targeting Blackbaud’s clients, where threat actors exfiltrated data before deploying ransomware. While YouthCare confirmed no evidence of misuse of the leaked data, the incident raised concerns over vendor-related cybersecurity risks and the protection of vulnerable populations’ personal information. The organization notified affected individuals and coordinated with the Washington State Office of the Attorney General in compliance with breach disclosure laws.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10304

TPRM report: https://www.rankiteo.com/company/youthcare-seattle

"id": "you546091725",
"linkid": "youthcare-seattle",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': '3,410',
                        'industry': 'social services / youth support',
                        'location': 'Washington, USA',
                        'name': 'YouthCare',
                        'type': 'non-profit organization'},
                       {'industry': 'cloud computing / nonprofit software',
                        'name': 'Blackbaud',
                        'type': 'vendor / service provider'}],
 'attack_vector': 'third-party vendor (Blackbaud)',
 'data_breach': {'data_exfiltration': 'likely (ransomware attack context)',
                 'number_of_records_exposed': '3,410',
                 'personally_identifiable_information': ['names',
                                                         'dates of birth',
                                                         'contact details'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)']},
 'date_detected': '2020-05-20',
 'date_publicly_disclosed': '2020-09-11',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving YouthCare, which experienced a '
                'ransomware attack through its vendor, Blackbaud. The breach '
                'occurred between February 7, 2020, and May 20, 2020, '
                'affecting 3,410 Washington consumers. Compromised information '
                'included names, dates of birth, and contact details.',
 'impact': {'data_compromised': ['names', 'dates of birth', 'contact details'],
            'identity_theft_risk': 'high (PII exposed)'},
 'ransomware': {'data_encryption': 'likely', 'data_exfiltration': 'likely'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'public disclosure via Washington '
                                        'State Attorney General'},
 'title': 'YouthCare Ransomware Attack via Blackbaud Vendor Breach',
 'type': ['data breach', 'ransomware attack']}

YouthCare

Prime Properties: Exclusive: Prime Properties listed as breach victim by M3rx ransomware

VECT 2.0: New VECT 2.0 Ransomware Targets Multi-Platform Systems

Kettering Health: US Healthcare Data Breach Crisis Impacts Millions -- Security Today