Free Newsletter
A 2020 data breach involving Blackbaud exposed sensitive information, including health and financial details and Social Security numbers, of donors or clients of 13,000 nonprofits.
Software maker pays $49.5M after data breach
The Associated Press//October 6, 2023//
The fundraising software company Blackbaud agreed Thursday to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach that exposed sensitive information from 13,000 nonprofits.
Health information, Social Security numbers and the financial information of donors or clients of the nonprofits, universities, hospitals and religious organizations that the company serves was the type of data that was exposed in the breach, according to Indiana Attorney General Todd Rokita, who co-led the investigation with Vermont.
Blackbaud, which offers software for fundraising and data management to nonprofits, first publicly acknowledged that an outside actor had gained access to its data on July 16, 2020, but downplayed the extent and sensitivity of the information that had been stolen, the attorneys general said. Over a million files were exposed in the breach.
The company paid the intruder a ransom in exchange for deleting the data.
Blackbaud agreed to strengthen its data security practices, improve customer notification in the event of another breach and to have an outside party assess its compliance with the terms of the settlement for seven years, the settlement said.
The company did not admit any wrongdoing under the terms of the agreement. Blackbaud said in a statement that it expected to pay the full settlement amounts in October.
Indiana will receive almost $3.6 million under the terms of the settlement, the most of any state, Rokita’s office said.
In March, the U.S. Security’s and Exchange Commission said it settled charges against Blackbaud for misleading investors about the nature of the information that was stolen. After initially saying that bank information and Social Security numbers were not accessed in the breach, employees of the company found that it had been but failed to notify senior leaders, the SEC said.
The company agreed to pay a $3 million fine to the SEC but did not admit wrongdoing.
Related Content
Top Legal News
- US Supreme Court boosts Exxon’s bid to get compensation from Cuba
- SCOTUS News: ‘State-court loser’ can’t seek relief in federal court
- Court of Appeals affirms dismissal of untimely appeal in estate property sale dispute
- US appeals court blocks Trump admin from enacting new plans to slash consumer watchdog staff
- Recovery facility properly classified as assisted living residence
- SCOTUS News: Justices uphold gun rights of marijuana users
- When is a PIP an adverse employment action?
- Lawsuit claims fatal negligence at Brunswick senior home
- Driveway dispute against homeowners association revived
- Judge formally ends US prosecution of Turkey’s Halkbank after Trump deal
- Luigi Mangione due in court June 17 in CEO murder case
Commentary
- When is a PIP an adverse employment action?
- Legally Speaking: What spring can teach us about active listening
- A useful patent management government notice
- Opinion: NC judges have enormous power. Be sure to vote in November
- The third option: Why your best employees are quietly losing their edge
- AI divorce is real, but family law can still save itself
- ‘AI won’t take your job’ and other things CEOs say before the layoffs
- When not to believe (your lyin’ eyes)
- Conduct a technology audit to improve law firm efficiency
- When the client brings ChatGPT to the consultation
- Content Marketing: Where law firms lose referrals and how to prevent it
- Your best people are not leaving for more money — they are leaving because you stopped paying attention
