Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

June 17, 2024 at 01:50PM

Cloud software company Blackbaud has agreed to settle with California’s attorney general, paying a $6.75 million fine for its cybersecurity failings after a 2020 ransomware attack. The settlement aims to improve data protection and security measures. This follows a previous settlement with 49 other state AGs and the District of Columbia for $49.5 million.

From the meeting notes provided, it can be summarized that Blackbaud, a cloud software company, has been fined $6.75 million by the California attorney general for its cybersecurity failings and lack of transparency following a ransomware attack in 2020.

The attorney general criticized Blackbaud for failing to protect consumers’ personal information and misleading the public about the extent of the data breach. The company allegedly had poor password controls, weak data protection and retention practices, and inadequate patching and product security. The breach affected millions of individuals, including high-profile academic institutions and non-profit organizations worldwide.

In addition to the fine, Blackbaud is required to implement improved security measures, establish a minimum data retention policy, enhance password practices, and implement tighter controls around infrastructure. This settlement with California follows earlier settlements with other state attorneys general and the District of Columbia, totaling $49.5 million.

Furthermore, Blackbaud previously reached a $3 million settlement with the Securities and Exchange Commission (SEC) and received a mild sanction in the UK.

Full Article