Bletchley Park, a museum and visitor centre based on the iconic WWII codebreaking facility, has had data stolen as part of the Blackbaud ransomware attack.
The hackers are alleged to have stolen software containing the personal details of Bletchley Park members and donors before demanding a ransom.
The ransom has since been paid in order to persuade the cyber criminals not to misuse the data.
A Bletchley Park statement sent to their mailing list stated: “We were recently notified by Blackbaud, one of our software suppliers, that they have suffered a data breach due to a ransomware attack on their own system… Unfortunately, a significant number of universities and charities have been affected by this issue and this list includes Bletchley Park Trust.
“This breach involved records containing personal information, which may include one or more data fields such as names, titles, dates of birth, email addresses, donation history, mailing or e-newsletter list preference, event attendance or membership, depending on data subjects’ engagement with the Bletchley Park Trust.”
The museum stated that no financial or bank card details were held on the system.
Cloud computing provider Blackbaud was hit by a major cyberattack in May that included Edinburgh Zoo and the National Trust amongst the company’s clients that had their data stolen. The company has since paid the ransom in exchange for “credible confirmation” that the data had been deleted.
Bletchley Park noted that Blackbaud’s Cyber Security team, along with independent forensics experts and law enforcement agencies, were able to stop the attack.
“Blackbaud has informed us that it has no reason to believe that any data went beyond the cybercriminal and that the data was deleted after they paid a ransom,” the statement read.
The park has assured people that their data is now secure.
- Meetup Vulnerabilities Help Hackers to Takeover ‘Groups’ on the Platform
- Garmin Still Recovering After Major Ransomware Attack Cripples Systems
- Global Ransomware Attack Hits Universities in UK, US and Canada
CEO at the Scottish Business Resilience Centre (SBRC), Jude McCorry, questioned the wisdom of paying the ransom demanded by the cyber attackers: “Doing so is not illegal, but goes against the advice of numerous law enforcement agencies, including the FBI, NCA and Europol.
“Blackbaud added that it had been given ‘confirmation’ that the copy [of data] they removed had been destroyed. Paying a ransomware does not give you an assurance that the data has been destroyed or will not be used again. How can they possibly know what the attackers will do with that information?
“By paying the ransomware organisations are financing and expanding organised cybercrime.”