Perez Art Museum of Miami

The Perez Art Museum of Miami (PAMM), also known as Perez Art Museum of Miami, operates as an art museum headquartered in the United States. Its core function involves exhibiting art and managing associated patron relationships. The museum relies on third-party vendors for critical operational support, including donor management systems. This reliance became a significant point of vulnerability during a cybersecurity incident affecting its operations. PAMM encountered a notable data breach stemming from an attack on its cloud service provider, Blackbaud.

On September 5, 2020, PAMM suffered a data breach originating from a ransomware attack targeting Blackbaud. This incident compromised donor information managed by the museum through the provider's platform. While Blackbaud initially asserted that accessed data fields containing sensitive financial details like credit card and bank account information were encrypted and not exfiltrated, subsequent investigations contradicted these claims. Evidence indicated attackers potentially accessed unencrypted fields due to encryption oversights in uploaded forms and specific data configurations. Sensitive information exposed included Social Security numbers, bank details, and government IDs. The museum learned of the exposure weeks after the incident occurred and decided against offering credit monitoring services to affected individuals based on Blackbaud's revised statement denying access to credit card data, despite reports from other breached organizations confirming the compromise of unencrypted financial information.