Although the attacker was expelled, it removed “a copy of a subset of data from our self-hosted environment." The cybercriminal did not access credit card information, bank account information, or social security numbers.” Blackbaud did not give the amount of payment, but said it “paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.” Customers who were have affected have been notified and “supplied with additional information and resources”, it said. However, Blackbaud said the attack did not involve applications in its public cloud environment, “nor did it involve the majority of our self-hosted environment." The company said it follows security best practices, but it has implemented changes to prevent the specific threat from happening again.”