TORONTO — At least two prominent Canadian organizations have notified donors that their personal information may have been compromised in a May ransomware attack.
The Centre for Addition and Mental Health in Toronto and Western University in London, Ont, advised donors recently by email that a ransom was paid by one of their service providers, Blackbaud, which revealed the attack on its own website earlier this month.
The South Carolina-based company specializes in providing cloud services to manage fundraising by charitable foundations around the world.
Blackbaud did not respond to requests for further information about how many of its Canadian clients were affected, but its website lists several Canadian foundations affiliated with hospitals, charities and other not-for-profit organizations.
Blackbaud has advised its customers that their clients’ financial information, such as banking or credit card information, was not affected
But it says the criminals would have had access to individual names, dates of birth, contact information, donations or engagement with the fundraising organizations — information that can be bought and sold by criminal organizations around the world.
Blackbaud officials told analysts Thursday during a quarterly conference call that its own security personnel and outside experts including law enforcement have no reason to believe that data was distributed beyond the specific cybercriminal or will be made available publicly.
This report by The Canadian Press was first published July 30, 2020.
David Paddon, The Canadian Press