Cyber Incident Victim: Rhode Island College Foundation
Date:
Feb 2020
Location:
United States of America
Summary
A ransomware attack targeting software provider Blackbaud compromised personal information from the Rhode Island College Foundation and another local institution, with attackers removing a copy of backup files containing generic data. The breached vendor confirmed no financial details or Social Security numbers were exposed, as these were not stored in the affected system. Blackbaud and law enforcement investigations indicated the stolen information likely remained confined to the attacker and showed no evidence of misuse or public dissemination. The intrusion occurred over several months before being contained, with impacted organizations notified subsequently.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The ransomware attack targeting the Rhode Island College Foundation and Providence Children’s Museum originated through their shared software service provider, Blackbaud, with the intrusion period spanning from February 7 to May 20, 2020. During this timeframe, cybercriminals executed a ransomware attack against Blackbaud’s systems, gaining access to and removing a copy of backup files containing personal information belonging to the foundation and museum. Blackbaud detected the breach and notified the Providence Children’s Museum on July 16, 2020, though the exact notification date to the Rhode Island College Foundation was not explicitly stated in available sources. The attackers reportedly exfiltrated a backup file maintained by Blackbaud that held non-sensitive personal data from both organizations prior to being locked out of the system. According to Blackbaud’s analysis, the compromised data did not include credit card details, bank account information, or Social Security numbers, as neither organization stored such sensitive data within Blackbaud’s environment.
Both affected entities issued public communications confirming the breach’s scope and limitations. The Rhode Island College Foundation disclosed that generic personal information within their backup file was potentially exposed, while the Providence Children’s Museum emphasized that no financial or government-issued identifiers were at risk. Blackbaud informed both organizations that their internal investigation, supported by third-party forensic experts and law enforcement, found no evidence that the stolen data had been disseminated or misused following the attack. The service provider asserted the cybercriminal’s access was terminated before they could encrypt or fully compromise operational systems through the ransomware deployment. No operational disruptions or financial demands against the Rhode Island organizations were reported, as the primary impact remained confined to potential exposure of non-sensitive constituent data held by Blackbaud. The incident concluded with Blackbaud maintaining confidence in the containment of stolen data based on their security protocols and investigative findings.