Archive for the ‘Cyber Security’ Category

Service of Fingers Crossed: When to Believe Thieves

Thursday, September 10th, 2020

Photo: smithsonianmag.com

When you comply to a ransom demand you’re not in the driver’s seat. You must hope that the thieves are honorable. If you watch “Law and Order” or its offshoots,  you’re familiar with the concept even if you’ve not yourself been plagued by such a horrifying theft.

The cyberthieves Sarah Cascone wrote about on artnet.com hadn’t absconded with a relative. Her article was: “Hackers Have Stolen Private Information From Donor Lists to 200 Institutions, Including the Smithsonian and the UK’s National Trust.” The subhead was: “The Parrish Art Museum and the Corning Museum of Glass were also hit by ransomware.” In addition to museums, data from hospitals, 16 US universities and 33 UK charities was lifted.

Photo: parrishart.org

According to Cascone, the attack on Blackbaud–“a third-party cloud software company”–happened in May. Blackbaud told its clients a month later. They said that “the compromised data was limited to demographic information such as names, addresses, phone numbers, and donation summaries, and did not include credit card information, bank account information, or social security numbers.” We hope.

Cascone reported that the Corning Museum said it doesn’t “keep credit cards, bank accounts, or social security numbers in the system hosted by Blackbaud.” One wonders where do they keep it and is it safe?

Photo: credibly.com

Blackbaud said it paid the cybercriminals and confirmed that they had destroyed what they’d stolen, according to Cascone. They paid in Bitcoin. “’What I find unsettling about Blackbaud’s situation is that they just took the hackers at their word that the stolen data was destroyed. In my experience, hackers almost always leave behind hard-to-find malware so that they can still access the system,’ said Wood.” Tyler Cohen Wood is a cyber-security consultant and the former cyber deputy chief of the Defense Intelligence Agency.

Cascone continued: “She advises that museums employing third-party providers familiarize themselves with the company’s procedures for handling ransomware attacks and to have secure data backups, even if that means paying extra.”

If you were notified by an organization that such a breach had occurred, would you get a new credit card or bank account number even if you were told the cybercriminals had no access to–or had destroyed–that information? Have you ever asked an organization to which you donate money how they protect your financial and personal information? Is cash the only secure way to donate?

Photo: passwordboss.com

Get This Blog Emailed to You:
Enter your Email


Preview | Powered by FeedBlitz

Clicky Web Analytics