Canadian fundraising groups affected by massive ransomware attack
TORONTO — At least two prominent fundraising organizations in Canada have notified their donors that their personal information may have been compromised in a May ransomware attack.
Ransomware is a type of software designed to lock information servers or data and prevent it from being used by the host organization unless a payment is paid, often in the form of a cryptocurrency such as bitcoin. In this case, an unspecified amount was paid by a U.S. company that says it successfully prevented the information from being transmitted beyond the hacker.
The Centre for Addition and Mental Health in Toronto and Western University in London, Ont., advised donors recently by email that a ransom was paid by Blackbaud Inc., one of their service providers.
The South Carolina-based company specializes in providing cloud services to manage fundraising efforts by charitable foundations around the world. It posted a notification of the ransomware attack on its website earlier this month, several weeks after it became aware of the attack.
Blackbaud did not respond to requests for further information about how many of its Canadian clients were affected but its website lists several Canadian foundations affiliated with hospitals, charities and not-for-profit organizations.
But CAMH and Western noted in their communications that the attacker would have had access to individual names, dates of birth, contact information, donations or engagement with the fundraising organizations — information that can be bought and sold by criminal organizations around the world.
CAMH Foundation and Western assured their donors they’d be notified “immediately” if more of their information had been compromised.