Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach

June 18, 2024 at 06:19AM

Blackbaud was ordered to pay $6.75 million in a settlement over a ransomware attack and data breach. The company paid a $250,000 ransom and later revealed that sensitive information from 13,000 organizations using its services was compromised. Blackbaud has also agreed to a $49.5 million settlement and must develop a comprehensive information security program ordered by the FTC.

Summary:
– Blackbaud, a fundraising software provider, was ordered to pay $6.75 million to the California Attorney General’s Office in a settlement over the poor security practices that led to a ransomware attack and data breach in May 2020.
– The company confirmed the ransomware attack in June 2020 and the data breach a month later. It paid a 24 bitcoin ransom.
– The incident compromised sensitive information from 13,000 nonprofits, universities, hospitals, and organizations, including financial, health, and personal information.
– In March 2023, Blackbaud was fined $3 million, and in October 2023, it agreed to a $49.5 million settlement with the attorneys general of 49 states and Washington, D.C.
– In January 2024, the Federal Trade Commission (FTC) ordered Blackbaud to develop a comprehensive information security program and to delete unnecessary data.
– The FTC found that Blackbaud lacked encryption for sensitive data and failed to properly monitor and segment its network, among other deficiencies.
– Last week, Blackbaud settled with the California Attorney General, agreeing to pay $6.75 million in penalties and strengthen its data security and breach notification practices.

Takeaways:
– Blackbaud faced significant financial penalties and settlements due to its poor security practices and the resulting data breach.
– The company’s handling of the incident, including misleading statements about security efforts and the extent of the breach, led to regulatory actions.
– Blackbaud is now required to improve its data security, breach notification practices, and overall information security program.
– The settlements and regulatory actions highlight the importance of prioritizing and enhancing security measures to safeguard consumers’ personal information and prevent future incidents.
