New Hampshire Public Radio Hit With Ransomware Attack

CONCORD, NH — The state's public radio network was hit with a ransomware attack earlier this year but personal information, including credit card and bank accounts of contributors, was not accessed, the nonprofit said Friday.

In a letter to contributors, sponsors, and listeners, Deborah Turner, the vice president of development of NHPR, said one of the organization's third-party providers, Blackbaud, "discovered and stopped a ransomware attack that involved our data" in May and contacted the org July 16 about the attack. The incident timeline ran from Feb. 7 to May 20, the company said. Data fields with credit card or bank account information "are encrypted and were NOT acquired during the incident," she emphasized.

After Blackbaud discovered the attack, it blocked the cybercriminal from accessing the encrypted files. The company also removed NHPR's donor data backup file from its system. Blackbaud then "paid the cybercriminal's demand to receive confirmation that the backup copy they removed had been destroyed."

Turner said information the cybercriminal did access included "demographic information, contact information, and a history of your relationship with NHPR, such as donation dates and amounts." She said the org was notifying listeners and donors so they could be fully informed — and ensuring the safety of their data. Blackbaud had also taken steps to identify vulnerabilities and enhance security at the organization.

"NHPR takes the protection and proper use of your information very seriously," Turner said. "Thus, we are contacting you as a precautionary measure to make you aware of the incident and encourage you to remain vigilant regarding any potential misuse of your information."

To read more about the ransomware attack, view the data notice on the radio network's website. A detailed explanation can be found on Blackbaud’s website.

Got a news tip? Send it to tony.schinella@patch.com. View videos on Tony Schinella's YouTube channel.