Case Study: Blackbaud cyber attack

The Incident: Last year US based Blackbaud, one of the largest providers of fundraising, education administration and financial management software to the charity and education sectors were hit by a ransomware attack.


Blackbaud supply their technology to many well-known charities including, the National Trust, adolescent mental health charity YoungMinds and homeless charity Crisis. The attack didn’t just hit the charity sector however, many educational establishments in the UK, US and Canada were hit by the attack.


These UK institutions included in the attack were:

  • University of Birmingham

  • De Montfort University

  • University of Strathclyde

  • University of Exeter

  • University of York

  • Oxford Brookes University

  • Loughborough University

  • University of Leeds

  • University of London

  • University of Reading

  • University College, Oxford

The Impact:

The attack allowed cyber criminals to obtain donor data that belonged to the charities and other non-profits. The data stolen from the charities that were affected did not include credit or payment card data and Blackbaud’s popular fundraising platform JustGiving, was also not affected by the attack.


However, for the education establishments that were caught up in it, the hackers accessed names, titles, gender, dates of birth, student numbers, addresses, phone numbers, email addresses, and LinkedIn profile URLs of members of the University community.


What is a ransomware attack?

Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to reinstate critical services. It is therefore vital that organisations have up-to-date and tested offline backups.

Often the aim of cyber criminals deploying ransomware is to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks as well as services including email systems and websites.

Ransomware attackers can gain access to a victim’s network through a number of infection vectors. Indeed, it can be hard to predict how a compromise will begin, as cyber criminals adjust their attack strategy depending on the vulnerabilities they identify.


How can you help your charity avoid becoming victim to a ransomware attack?

Charities can help make their organisations safer from cyber criminals by following simple, easy to follow guidance, so to help you we have created and collated a suite of resources, services, and tools.


26% of charities have been hit by a cyber-attack in the last 12 months. These resources will help to strengthen your resilience against similar attacks.


View our resources


If you would like to stay up to date against the latest threats, please sign up for our core membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.