Canadian charity the Heart and Stroke Foundation, emailed donors yesterday to alert them of a potential data leak part of a “data security incident” from a third-party supplier.
The supplier in question is cloud computing company Blackbaud, which offers solutions for charities and non-profits.
The Heart and Stroke foundation says they were notified by Blackbaud on July 16 of a ransomeware attack. Blackbaud says it “discovered and stopped a ransomware attack in May,” by paying the cybercriminals to get their data back and unlocked.
According to Blackbaud, the cyberhackers said they deleted the locked info, but of course, there’s no way to really verify this.
Thus, the Heart and Stroke Foundation says the following info from donors may have been compromised:
- email addresses
- telephone numbers
According to Blackbaud, credit card numbers, usernames and passwords were encrypted and not affected.
The Heart and Stroke Foundation explains, “Blackbaud has informed us that there is no reason to conclude that the data related to the Heart & Stroke community will be misused, but we recommend that you exercise additional prudence.”
The biggest risk for donors is the possible exposure of their contact info, which may result in hackers impersonating Heart and Stroke to ask for donations.
The Heart and Stroke Foundation says it is working with Blackbaud to enable two-factor authentication to protect its records, while also notified relevant privacy commissioners about the incident.