By Drew Fox Jordan • October 7, 2020

    Weekly Roundup: The Impact of Fundraising

    In this series, we take a look at the current news impacting the nonprofit sector, specifically fundraising. Our intention is not to be reactive, but to be proactive in our analysis of the news and consider how fundraising and philanthropic efforts can improve outcomes and adapt to meet the times.

    This week: Blackbaud Now Says Some Social Security Numbers and Bank-Account Information Was Accessed in Breach, Hackers Claim To Have Uploaded Data Obtained In CCSD Security Breach, and Zoom Usage Raises Questions About Security Of Student Data.

    Screen Shot 2020-10-06 at 10.13.38 AM

    Blackbaud Now Says Some Social Security Numbers and Bank-Account Information Was Accessed in Breach (Via Chronicle of Philanthropy)

    Fundraising software company Blackbaud has for months told its nonprofit clients that the ransomware attack earlier this year compromised personal information such as names, addresses, phone numbers, and giving history stored on the company’s cloud server. Until this week, the company said the breach did not expose information like bank details, passwords, and Social Security numbers. But the firm updated its statement with a disclosure that the cybercriminal did in fact access such data from some affected organizations.

    Analysis: The fallout of the Blackbaud hack continues to expand, and nonprofits are left wondering if they have the full story on the true extent of the hack. With so much at stake, organizations will need to take steps now to prevent any future attacks. But most importantly, your donors need to know that their data that they trust you with is secure, and communicating that to donors now is a much easier email to send that one letting them know that their bank information was compromised.

    CCSD building

    Hackers Claim To Have Uploaded Data Obtained In CCSD Security Breach (Via Las Vegas Review Journal)

    The hacker group behind the Clark County School District’s security breach claims to have uploaded all of the stolen data to its website — including information on current and former employees such as names and Social Security numbers. An update posted to the group’s website last week claims that 100 percent of the data from the Aug. 27 attack has been uploaded — though ultimately only the criminals and possibly the district would know if that’s true, said Brett Callow, a threat analyst at cybersecurity company Emisoft.

    Analysis: Data security hacks are not limited to donor data. It can extend to include employees as well. Security compromises can impact an entire organization, and unfortunately there is no way to know the full extent of the hack until after it is too late. Callow explained the district is facing a "lose-lose situation" by either having to pay the hackers, or risk sensitive data being published. Only by getting ahead of security hacks before they happen can organizations set themselves up to successfully handle it if and when a breach takes place.

    Want to learn more about data security for nonprofit? Join us October 20 at 2:30 pm ET // 11:30 am PT for a FREE webinar about new risks nonprofits face and how human layer security sures up vulnerabilities that haven't been considered before.

    zoom security

    Zoom Usage Raises Questions About Security Of Student Data (Via The Dartmouth)

    Since the beginning of the pandemic, the video-conferencing platform Zoom has dominated higher education, with many colleges and universities adopting the technology as a temporary substitute for in-person instruction. Though Zoom allows students to remain connected to their academic experience, as well as with family and friends, the wide-scale adoption of the platform has raised questions around student data and privacy. Among the data accessible to the College, according to James Goodrich, admin for Dartmouth's Zoom account, is information on who participates in a call, the type of device used by call participants and any recordings hosts make of the call, which are automatically uploaded to Dartmouth’s cloud. Goodrich said that while administrators have access to these data, they do not view them.

    Analysis: Many organizations have policies in place to safeguard data, but policies can be broken placing the entire database at risk. Since a hacker would not be bound to these policies, they do not do anything to prevent against external hacks. If the personal information of a Zoom call participant is left out in the open, protected only by internal policy, what happens if there is a security breach and this data falls into the wrong hands?

    Is your donor data protected? Take our FREE 15-minute data security health check and find out if your organization is secure.

    Gravyty Guard Data Security Health Score


    Posts by Topic

    see all