OneBlood Ransomware Attack in July Exposes Donors’ Personal Data

Non-profit blood donation organization OneBlood suffered a ransomware attack last summer, exposing donors' personal information.

OneBlood’s ransomware attack

Threat actors hit the non-profit organization with a ruthless ransomware attack last summer. On July 31, OneBlood disclosed the attack to the public.

According to the security advisory, perpetrators encrypted the organization’s virtual machines, prompting it to temporarily switch to manual processes.

OneBlood currently supplies blood to more than 250 hospitals in the US; the incident caused halts or delays in blood collection and even led to “critical blood shortage” protocols in some clinics.

Breach notifications sent six months later

The non-profit organization started sending data breach notifications last week, informing impacted parties that an investigation, completed on Dec. 12, revealed the attack last summer had occurred on July 14.

OneBlood’s notification mentioned that threat actors maintained access to the breached systems for about two weeks. The organization discovered the breach on July 28 and severed their access to the affected machines a day later.

Names and Social Security numbers exposed

“Our investigation determined that between July 14 to July 29, 2024, certain files and folders were copied from our network without authorization,” reads OneBlood’s data breach notification. “The investigation determined that your name and Social Security number was included in the relevant files and folders.”

To help affected donors mitigate the impact of the data breach, the organization is offering 12 months of complimentary credit monitoring and identity theft restoration services. In the notification letter, OneBlood instructs affected parties to remain vigilant to identity theft and fraud attempts by monitoring credit reports for suspicious activity and reviewing account statements.

Protecting your digital footprint

Data breaches occur indiscriminately and without warning, making preparedness for situations like OneBlood’s security incident crucial for preserving your digital identity.

Dedicated services like Bitdefender Digital Identity Protection can help you stay prepared for data breaches by providing a wide range of relevant features.

It encompasses a detailed overview of your online data, including traces from services you no longer use, continuously scans the public and Dark Web and notifies you instantly if your personal details have been exposed in a breach.

Additionally, it lets you instantly patch weak parts of your digital footprint via quick, one-click action items.