(844) 627-8267 | Info@NationalCyberSecurity
(844) 627-8267 | Info@NationalCyberSecurity

Blackbaud to pay $49.5M settlement over 2020 ransomware attack | #ransomware | #cybercrime

Close up of a businessman's hand with a data breach concept overlay, representing the Blackbaud data breach settlement.
(Photo Credit: sdecoret/Shutterstock)

Blackbaud data breach settlement overview: 

  • Who: Blackbaud Inc. agreed to pay $49.5 million to a total of 49 states and the District of Columbia to resolve  2020 data breach claims. 
  • Why: Blackbaud was accused of failing to enact reasonable security safeguards to prevent the breach and violating breach notification laws with the way it responded to the incident. 
  • Where: The settlement will benefit 49 states, excluding California, and the District of Columbia. 

Computer software corporation Blackbaud agreed to pay $49.5 million to a total of 49 U.S. states and the District of Columbia to resolve claims surrounding its response to a 2020 data breach. 

The states and the District of Columbia argued Blackbaud failed to have reasonable security in place to protect data belonging to more than 13,000 nonprofits and millions of their constituents and donors. 

Blackbaud also pledged to overhaul its data security and breach notification policies and promised to avoid making misleading statements about its privacy, security and related obligations going forward, according to the settlement agreement. 

(Blackbaud) had an obligation to safeguard this information, and they failed,” Connecticut Attorney General William Tong says in a statement. “Our settlement forces Blackbaud to adopt stringent data security and breach notification practices going forward.” 

Blackbaud promises to better report data security incidents, according to settlement

Blackbaud disclosed the data breach in July 2020, announcing at the time it was the victim of a ransomware attack that allowed customer information to fall into the hands of unauthorized third parties. 

The states and the District of Columbia argued Blackbaud broke several laws in the wake of the breach, including their consumer protection and breach notification laws and the federal Health Insurance Portability and Accountability Act

In addition to committing to improve its data security practices, Blackbaud promised to do a better job at reporting incidents to its CEO and board and to enhance its training, resources and support for cybersecurity, according to the settlement. 

Blackbaud also agreed to implement a third-party assessment of its settlement compliance for a period of at least seven years. 

Consumers filed several lawsuits against Blackbaud in the wake of the data breach, including in South Carolina and Florida

Were you affected by the Blackbaud data breach? Let us know in the comments. 

Read About More Class Action Lawsuits & Class Action Settlements:

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

Source link

National Cyber Security