back to article Cloud biz Blackbaud admits ransomware crims may have captured folks' bank info, months after saying that everything's fine

Blackbaud, the cloud CRM provider whose execs bought off ransomware crooks in exchange for a pinky promise that stolen data would not be misused, has now confessed that customers' bank account information may have been taken from its servers by the criminals. In a US stock market 8-K filing [PDF], Blackbaud admitted the …

  1. Doctor Syntax Silver badge

    Stupid indeed. We can only hope that Blackbaud - and preferably including its directors as well - get sued into oblivion as a warning to the rest.

  2. jake Silver badge

    But it was in the CLOUD!!!!!1!1!!!one!

    Marketing has told us that clouds are perfectly safe! Shirley they weren't lying‽‽‽

  3. RM Myers
    FAIL

    Since day one, Blackbaud has been 100% focused on driving impact for social good organizations.

    That is their stated goal, and I believe we can all agree that they reached it. The impact may not be exactly what their client organizations wanted, but there is no doubting its existence.

    What a bunch of clowns.

  4. Andy The Hat Silver badge

    I assume the ICO are investigating this but is it doing so as a 'simple' breach of EU law (GDPR) by a European entity (Blackbaud UK) or under Privacy Shield/Safe Harbour (or whatever was in force at the time) if the data was held in the US by the parent company or is it planning to hit the easier and more finacially lucrative targets which are the numerous charities, education establishments and universities which had their data breached?

    I tried searching the ICO site for any reference but had no success ...

    1. Wellyboot Silver badge

      A detailed investigation into any share dealing since April is also warranted, given the late notifications.

  5. Potemkine! Silver badge
    Mushroom

    WTF!?

    the cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible

    So bank account information, social security numbers, usernames and/or passwords are not sensitive informations?! Do these guys in PR believe we are so utterly stupid to swallow this $hit without noticing?

    May the european regulators impale them all! Where's is Vlad Dracul when you need him?

    1. David 132 Silver badge
      Coat

      Re: WTF!?

      He’s a stakeholder in this.

      1. jake Silver badge
        Pint

        Re: WTF!?

        I am here to tell you that beer isn't supposed to come out one's nose. It's actually rather painful ... The next round is on me :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like