Cyber criminal hacks Bishop Museum’s database provider. Museum says visitors’ data is safe

Some private information may have been exposed during a recent cyber attack on the Bishop Museum of Science and Nature in Bradenton and other nonprofit groups.

It does not appear any credit card information was captured during the ransomware attack, according to Bishop’s CEO Brynne Anne Besio.

Besio said she received a letter from the museum’s Internet security firm, Blackbaud, on July 16 that in May the server was attacked and some private information was likely stolen.

However, “Please be assured that the museum does not store credit card or bank account information in our database on the Blackbaud platform,” Besio announced. “Consequently, there is no need for you to take action.”

Ransomware attacks are designed to infiltrate and shut down an organization’s ability to operate and steal private information to hold as a virtual hostage until the cyber criminal is paid.

Besio said Blackbaud’s cybersecurity team, along with law enforcement, “successfully prevented the cyber criminal from blocking access and ultimately expelled them from the system.”

However, before the successful counterattack, data containing contact information for donors, demographic information, dates of gifts and how much given was stolen.

Blackbaud ultimately paid an undisclosed amount to the hacker once the company was confident the data had been destroyed and not passed onto other sources.

Besio said that kind of information is the only data stored on the Blackbaud platform.

“We do not believe there is a need for you to take any action,” Besio said. “As a best practice, we recommend that you always remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.”

Blackbaud has identified the tactics used by the hacker and has taken measures to prevent such attacks in the future.

“Your trust and confidence are of the utmost importance to us,” Besio said. “We are very sorry about any concern or inconvenience this may cause. Please know that we take cybersecurity very seriously and have the highest standards for our vendors.”

According to an incident summary report on Blackbaud’s website, the company deals with millions of cyber attacks each month on its clients.

In this case, “The cyber criminal did not access credit card information, bank account information or social security numbers,” the report states. “Because protecting our customers’ data is our top priority, we paid the cyber criminal’s demand with confirmation that the copy they removed had been destroyed.”

Blackbaud’s report said it was a sophisticated attack.

“We have already implemented changes to prevent this specific issue from happening again.”

This story was originally published August 13, 2020 at 8:02 AM.