LIMERICK people who have made financial donations to Childrenโs Medical & Research Foundation (CMRF) Crumlin, which provides vital funding for Childrens Health Ireland Crumlin, formerly Our ladyโs Childrenโs Hospital, Crumlin, have been informed by the organization that they may have had their names, contact information and a history of their donations, accessed in a โransomware attackโ by cybercriminals.
CMRF Crumlin chief executive, Denise Fitzgerald, states in an email which was circulated to supporters on August 19th, that the organisation is undergoing an โinternal reviewโ following the incident.
A CMRF Crumlin spokeswoman was asked, but did not disclose how many supporters may have been impacted, and she added, โthat is information which we would regard as commercially sensitive and as such will not be in a position to provideโ.
The data breach, involving technology firm Blackbaud โ which provides database systems to CMRF Crumlin โ occurred last May, and CMRF was notified on July 16th.
โOn being advised of the incident we immediately undertook our own investigation and advised the Data Protection Commissioner of the incident,โ Ms Fitzgerald states in the email to supporters.
She goes on to explain that Blackbaud advised CMRF Crumlin that it โpaid the cybercriminalโs demandโ on condition the perpetrator destroyed the information it had copied.
โCMRF Crumlin were not the target of the attack and were not party to the decision to make any payment, we were only made aware of this payment after it had occurred.โ
Ms Fitzgerald states that Blackbaud has advised CMRF Crumlin that it has โno reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publiclyโ.
Blackbaud is currently working with law enforcement authorities to investigate the incident.
โWe have worked with Blackbaud for a number of weeks to fully investigate what happened and what data may have been affected and having ascertained that we are now updating you,โ Ms Fitzgerald continues.
She adds that, although CMRF Crumlin โhas ascertained that the data that may have been accessed does not include banking information, credit card details or sensitive personal data…it may have contained names, contact information including telephone numbers, email addresses and mailing addresses, as well as a history of supporter donationsโ.
Blackbaud has already implemented several changes to protect CMRF supporters data from any subsequent incidents, which can presently โwithstand all known attack tacticsโ.
Ms Fitzgerald said that CMRF Crumlin โremain in regular contact with Blackbaud and will continue to monitor the companyโs response, we have also started our own internal reviewโ.
โThe risk to supporters from this incident is very low, however, we would always advise that you should remain vigilant and report any suspicious activity to the relevant authoritiesโ and that โit has taken some weeks to clarify the details surrounding the attack and the data accessedโ.
A disclaimer at the end of the email reads: โYou are receiving this email as you may have supported CMRF Crumlin in the past. CMRF Crumlin is notifying you of a data breach which may have affected your personal data.โ
Advertisement