June 18, 2024 at 04:05PM
California Attorney General’s Office ordered Blackbaud to pay $6.75 million to settle a ransomware attack caused by poor security practices, compromising sensitive information from 13,000 nonprofits, universities, and hospitals. Blackbaud initially faced a $3 million fine and later agreed to a $49.5 million settlement. The Federal Trade Commission also mandated security improvements. Attorney General Bonta emphasized the need for enhanced data protection.
From the meeting notes, it is evident that Blackbaud, a software company based in South Carolina, has been ordered by the California Attorney General’s Office to pay $6.75 million to settle a ransomware attack that occurred in May 2020. The attack was attributed to poor security practices and resulted in the compromise of private information from 13,000 nonprofits, universities, hospitals, and other organizations. The company made misleading statements about the breach and the sufficiency of its data security efforts. This led to violations of the Reasonable Data Security Law, Unfair Competition Law, and the False Advertising Law related to data security. In addition to the financial penalty, Blackbaud has been ordered to develop an information security program and delete unnecessary data. The Federal Trade Commission also criticized the company for not taking adequate steps to ensure the data was deleted and for not improving its security practices, such as implementing multifactor authentication and encrypting sensitive data. The settlement aims to ensure that Blackbaud enhances its security measures and prioritizes safeguarding consumers’ personal information to prevent future incidents.