Limerick people warned of cyber attack on CMRF Crumlin

LIMERICK people who have made financial donations to Childrenโ€™s Medical & Research Foundation (CMRF) Crumlin, which provides vital funding for Childrens Health Ireland Crumlin, formerly Our ladyโ€™s Childrenโ€™s Hospital, Crumlin, have been informed by the organization that they may have had their names, contact information and a history of their donations, accessed in a โ€œransomware attackโ€ by cybercriminals.
CMRF Crumlin chief executive, Denise Fitzgerald, states in an email which was circulated to supporters on August 19th, that the organisation is undergoing an โ€œinternal reviewโ€ following the incident.
A CMRF Crumlin spokeswoman was asked, but did not disclose how many supporters may have been impacted, and she added, โ€œthat is information which we would regard as commercially sensitive and as such will not be in a position to provideโ€.
The data breach, involving technology firm Blackbaud โ€” which provides database systems to CMRF Crumlin โ€” occurred last May, and CMRF was notified on July 16th.
โ€œOn being advised of the incident we immediately undertook our own investigation and advised the Data Protection Commissioner of the incident,โ€ Ms Fitzgerald states in the email to supporters.
She goes on to explain that Blackbaud advised CMRF Crumlin that it โ€œpaid the cybercriminalโ€™s demandโ€ on condition the perpetrator destroyed the information it had copied.
โ€œCMRF Crumlin were not the target of the attack and were not party to the decision to make any payment, we were only made aware of this payment after it had occurred.โ€
Ms Fitzgerald states that Blackbaud has advised CMRF Crumlin that it has โ€œno reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publiclyโ€.
Blackbaud is currently working with law enforcement authorities to investigate the incident.
โ€œWe have worked with Blackbaud for a number of weeks to fully investigate what happened and what data may have been affected and having ascertained that we are now updating you,โ€ Ms Fitzgerald continues.
She adds that, although CMRF Crumlin โ€œhas ascertained that the data that may have been accessed does not include banking information, credit card details or sensitive personal data…it may have contained names, contact information including telephone numbers, email addresses and mailing addresses, as well as a history of supporter donationsโ€.
Blackbaud has already implemented several changes to protect CMRF supporters data from any subsequent incidents, which can presently โ€œwithstand all known attack tacticsโ€.
Ms Fitzgerald said that CMRF Crumlin โ€œremain in regular contact with Blackbaud and will continue to monitor the companyโ€™s response, we have also started our own internal reviewโ€.
โ€œThe risk to supporters from this incident is very low, however, we would always advise that you should remain vigilant and report any suspicious activity to the relevant authoritiesโ€ and that โ€œit has taken some weeks to clarify the details surrounding the attack and the data accessedโ€.
A disclaimer at the end of the email reads: โ€œYou are receiving this email as you may have supported CMRF Crumlin in the past. CMRF Crumlin is notifying you of a data breach which may have affected your personal data.โ€
Advertisement