The Smithsonian Institution revealed that it was subjected to a ransomware attack, compromising information belonging to its donors, in May 2020.
Cloud computing provider Blackbaud that serves the Smithsonian discovered and stopped the cyber attack in May 2020. The company notified the institution in July.
Other organizations were also victims of the hacking that affected the Smithsonian.
Ransomware attacks encrypt all the data stored in the target company’s systems, and cybercriminals behind these attacks demand money to decrypt the information.
According to a press release from Blackbaud, the attackers did not access credit card information, bank account information, or social security numbers.
“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the company said.
Another statement came from the Smithsonian, saying that the types of information pertaining to Smithsonian donors that might have compromised in the incident included “demographic information such as names, US addresses, phone numbers, and summary of donations.”