In July 2020, the company, which provides hundreds of non-profits and educational facilities with customer relationship management services, disclosed that they had suffered a ransomware attack. More than 120 education and third-sector organisations may have had their data compromised.
The attack took place in February 2020 and was discovered in May 2020 when many of the affected organisations were already reeling from the disruption caused by the COVID-19 pandemic.
The attackers took over the company's servers, encrypted some sets of data and took a copy of a subset of data before they were locked out of the company's systems. The company admitted that they had paid out an undisclosed amount of money in order to retrieve that data which they confirmed did not include bank account or payment card details. However, in some cases it did involve donors details such as names, ages, addresses, estimated wealth / identified assets, past donations and likelihood to make a bequest triggered by their death.
Want to discuss this case? We're offering a FREE 20 minute phone consultation with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions