Subscribe
Search
ePaper
Newsletters
Subscribe
ePaper
Newsletters
Art market
Museums & heritage
Exhibitions
Books
Podcasts
Columns
Technology
Adventures with Van Gogh
Art market
Museums & heritage
Exhibitions
Books
Podcasts
Columns
Technology
Adventures with Van Gogh
Search
Donors
news

Smithsonian confirms that its donor data was potentially breached in ransomware attack

Hacking of Blackbaud software systems exposed hundreds of clients, including other US and UK nonprofits

Nancy Kenney
2 September 2020
Share
The Smithsonian Institution in Washington, DC

The Smithsonian Institution in Washington, DC

The Smithsonian Institution and the Parrish Art Museum confirmed today that they were among the hundreds of organisations potentially affected by a ransomware attack earlier this year on a third-party software company in South Carolina that logs their data regarding fundraising and donors.

The hack on the systems of the software company, Blackbaud, gave an intruder access to information about donors and other constituents, including names, US addresses, phone numbers, summaries of donations and for some individuals, dates of birth, the Smithsonian says. The institution says it has begun notifying people linked to the Smithsonian whose information may have been accessible.

Previous news reports have identified other organisations whose data was potentially compromised as UK’s National Trust, Human Rights Watch, dozens of charities and universities in the UK and US, and the Corning Museum of Glass in New York.

The Smithsonian emphasises that the incident did not result in the exposure of any credit card information, Social Security numbers or banking information, saying that it does not collect or store this type of data.

Blackbaud says that after discovering the attack on its systems in May, it paid the hacker or hackers the ransom demanded, which it did not disclose. “We have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the software company adds.

The Smithsonian says it was informed of the data breach on 16 July, just as other institutions were being alerted, and recently reached out to donors. “Based on the nature of the incident, Blackbaud assured us that any stolen data has been destroyed by the unknown actor and stated they do not believe any data was disseminated or otherwise made available publicly by the unknown actor,” the Smithsonian says. “We will continue to investigate to confirm Blackbaud’s assurances and better understand what occurred.”

The potential compromising of Smithsonian and Parrish Art Museum data was first reported by artnet News. Both the Smithsonian and the Parrish, in Water Mill, New York, subsequently confirmed the exposure of their data in emails to The Art Newspaper.

DonorsSmithsonian InstitutionParrish Art MuseumHackingBlackbaud
Share

Related content

Art marketnews

Art Basel's parent company MCH Group warns of possible data breach after criminal cyber attack

Fair organiser is working with police and Swiss cyber security authorities to identify perpetrators of malware attack on 20 October

Catherine Hickley
Museums & Heritagenews

Smithsonian adopts new ‘ethical returns policy’ to handle artefacts with problematic histories

The new policy, adopted by all Smithsonian museums on 29 April, will allow each institution to tailor it to their particular collections and provenance considerations

Wallace Ludel
Subscribe to The Art Newspaper’s digital newsletter for your daily digest of essential news, views and analysis from the international art world delivered directly to your inbox.
Newsletter sign-up
Information
About
Contact
Cookie policy
Data protection
Privacy policy
Frequently Asked Questions
Subscription T&Cs
Terms and conditions
Advertise
Sister Papers
Sponsorship policy
Follow us
Facebook
Instagram
YouTube
LinkedIn
© The Art Newspaper