The George W. Bush Presidential Center was hacked in a recent ransomware attack in which some donors’ information was stolen but purportedly destroyed later, according to the center.
Data management services provider Blackbaud told the Bush Center on July 16 that it had thwarted the attack in May — but that the cybercriminals “removed a copy of some of the Bush Center’s data regarding donors and other contacts,” the center said in a statement.
According to Blackbaud, Social Security numbers contained in the affected systems were encrypted and the decryption keys were not compromised because they were stored in a different location. Credit cardholder data was not part of the incident because it was stored in a different location.
“However, there was unencrypted, less sensitive information obtained, such as name, birth date, physical and email addresses, telephone numbers, gender and giving history,” it added.
Blackbaud said it has “paid a ransom to the attackers in order to obtain confirmation that the compromised unencrypted information has been destroyed.”
The center added: “To date, there is no indication that any of the compromised unencrypted information is subject to further disclosure or misuse, and given the intent of the criminals to obtain the payment of the ransom, the Bush Center does not believe there is a high risk that the unencrypted information would be used for other purposes.”