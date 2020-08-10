A nasty little problem - you've maybe encountered it already - that's been creeping its way around the Not-For-Profits relates to the fact that, apparently, a high percentage of the sector uses Blackbaud CRM software. I presume it's cheap.
And insecure. For Blackbaud has been held to ransom by someone who hacked it and made off with its users' clients' details. On a pretty large scale, it would seem.
A couple of interesting aspects. Firstly, this has been known about for weeks. But the speed with which Blackbaud's users have 'fessed up to their own clients has varied tremendously. Very much a laggard in this regard is ... the Labour Party, who've only just acknowledged this to their members whose data had flown the nest. Why so coy for so long, Mr Starmer? What bad-news-management mode were you in when they first told you about it?
Of wider import: Blackbaud gaily tell the world that "they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result". WTF? Are those affected supposed to believe assurances from, errr, acknowledged criminals? Why wouldn't said hackers make multiple copies and sell to whomever will pay? Once the data has left the building there is no way for Blackbaud, or anyone else, to verify that every copy has been deleted.
Or is there a binding international Ransom Protocol I've never heard of, with ISO standards for conduct, arbitration in the Hague, and certification by General de Chastelian?
Turnover of £100m, DM, and AIM-listed - so not minuscule
Business customers are VERY much easier to service and risk-manage than residential customers (until the coming recession starts to bite and credit becomes a big issue)
I've written about aspects of this here:
http://www.cityunslicker.co.uk/2020/01/how-companies-get-rogered-buying-energy.html
At last, a topic I know of first hand. Tbf to many Blackbaud customers, they weren't told until 2 weeks ago, hence the gradual releases of first academic, then the NT, then others. As you say ND, the scale of this is huge and the naivety of Blackbaud simply astonishing.
A lot of their customers are formed from mom & pop small NfPs but they have also snared a few large ones.
And this hack has the potential to do a lot more real damage than simply posting a few tweets across some prominent accounts.
But perhaps to me, the most worrying part is that the sector itself seems to be rather relaxed about the whole affair. The main go-to charity commentariat haven't really touched it, very few blogs - in fact this place is one of the few to highlight it at all. Which I think illustrates still how backward the UK NfP scene is in terms of understanding 'tech' and its uses.
Spot on for bringing this to a wider audience.
