The George W. Bush Presidential Center was recently hacked and a company that supplies data management for the center paid a ransom, with an agreement that the stolen data would be destroyed.
Included in the stolen data was information on donors to the Bush Center, including names, contact information, and contributions they’ve made in the past.
“On July 16, 2020, we were notified by Blackbaud, a large provider of cloud-based data management services … that it had discovered and stopped a ransomware attack that occurred in May 2020,” the Bush Center said in a statement. “Blackbaud informed us that it paid a ransom to the attackers in order to obtain confirmation that the compromised unencrypted information has been destroyed.”
The Center said there is no evidence the info was misused.
“To date, there is no indication that any of the compromised unencrypted information is subject to further disclosure or misuse, and given the intent of the criminals to obtain the payment of the ransom, the Bush Center does not believe there is a high risk that the unencrypted information would be used for other purposes,” the statement said. “Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.”
The Center also said it prevented further damage by acting quickly. “Blackbaud, working with independent forensics experts and law enforcement, successfully prevented the cybercriminals from blocking system access and fully encrypting the Center’s files; and ultimately expelled the criminals from Blackbaud’s system. However, prior to locking the cybercriminals out, the cybercriminals removed a copy of some of the Bush Center’s data regarding donors and other contacts,” the statement said.
The Center said social security numbers of donors were stolen, but that data was encrypted and the decryption keys needed to decipher it are stored separately and were not stolen.
“Even though we do not believe that any personal information has been subjected to misuse or further unauthorized access due to this incident, out of an abundance of caution and in light of our respect for our donors and other contacts’ privacy, we are notifying our website visitors of this incident.”
The cyber attack comes as federal authorities say a well-timed ransomware attack could gravely affect the November presidential election.
The Associated Press reported, “On the spectrum of threats from the fantastical to the more probable, experts and officials say ransomware is a particularly realistic possibility because the attacks are already so pervasive and lucrative. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks.”
“From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” Adam Hickey, a Justice Department deputy assistant attorney general, told the AP.