The Heart and Stroke Foundation is warning of what they are calling a “data security incident”, which may affect the private information of their clients.
The incident involves the company Blackbaud, a third party service provider that manages the personal information of stakeholders.
On July 16, Blackbaud notified the organization that they had identified and stopped a ransomware attack in May. The update states that the cyber criminal’s ransom was paid, and all relevant data was destroyed.
The cyber attack affected many of Blackbaud’s clients globally, but the company says the Heart and Stroke foundation was not specifically targeted.
Information that may have been affected includes names, email addresses, phone numbers and addresses. Encrypted information such as credit card numbers, usernames and passwords were not affected, according to Blackbaud
Further, the foundation was told there is no reason to believe their data will be misused, but are asking members to be cautious.
Because the data leaked was mainly contact information, the greatest risk is of fraudsters contacting members and impersonating the foundation in an effort to solicit funds. They ask that any suspicious emails be reported to them immediately.
The Heart and Stroke Foundation are working with Blackbaud, as well as privacy commissioners, to figure out additional security measures to put in place.