Cyber Incident Victim: Cuyahoga Community College Foundation

Date: Feb 2020

Location: United States of America

Summary

The Cuyahoga Community College Foundation was among multiple Ohio institutions impacted by a ransomware attack targeting Blackbaud, a cloud software provider serving nonprofit organizations. The breach potentially exposed constituent data including names, contact details, demographic information, and donation histories across affected entities, though financial records and sensitive identifiers were reportedly not compromised. Blackbaud paid the ransom after the attacker exfiltrated a copy of the data, and asserted that the stolen information was subsequently destroyed. Impacted organizations notified constituents about potential risks months after the incident and recommended monitoring for suspicious activity, while expressing frustration over delayed disclosure by the vendor.

Description

The ransomware attack targeting Blackbaud, a global cloud software provider serving nonprofit and educational institutions, occurred in February 2020. Blackbaud detected the intrusion in May 2020 and engaged independent forensic experts and law enforcement to expel the attacker from its systems. Before being removed, the attacker exfiltrated a copy of data stored on Blackbaud’s servers. The company paid an undisclosed ransom to the threat actor and received assurances the stolen data was destroyed. Blackbaud stated no credit card information, bank account details, or Social Security numbers were compromised in the breach. Affected clients, including the Cuyahoga Community College Foundation, were notified in July 2020—approximately five months after the initial attack—prompting criticism from some organizations about delayed disclosure.

The Cuyahoga Community College Foundation confirmed on August 6, 2020, that data removed during the attack potentially included contact information, demographic details, and records of donors’ relationships with the organization, such as donation dates and amounts. Similar impacts were reported by other Ohio-based Blackbaud clients, including Kent State University’s Division of Institutional Advancement, which utilized the compromised ResearchPoint platform for alumni engagement and fundraising. Kent State advised constituents to monitor for suspicious activity related to identity theft and scrutinize unsolicited donation requests. The Cleveland Museum of Natural History reported its point-of-sale systems, managed through Blackbaud, were affected, involving guest ticketing and communication data. Holden Forests and Gardens warned members that exposed information might include names, email and mailing addresses, phone numbers, and transaction histories, recommending vigilance over financial accounts. Institutional responses focused on constituent notifications, guidance on monitoring financial activity, and in Kent State’s case, exploring alternative third-party vendor options following the breach. Blackbaud declined to provide additional details beyond its July 2020 public statement regarding the incident’s scope or its resolution.
