Blackbaud, has settled claims amounting to $49.5m, brought forward by the attorneys general of 49 American states and Washington, D.C.
This settlement stems from a significant 2020 data breach, which exposed sensitive details from approximately 13,000 nonprofit entities.
The breach revealed health data, Social Security numbers, and financial details pertaining to donors or clients connected to nonprofits, universities, hospitals, and religious institutions using Blackbaud’s services. Indiana Attorney General Todd Rokita and Vermont co-led the exhaustive investigation into this breach.
Initial communications from Blackbaud in July 2020 acknowledged external interference with their data. However, the gravity and sensitive nature of the exposed information were reportedly understated. It was later discovered that the breach compromised over a million files.
While Blackbaud negotiated with the external intruder by paying a ransom for the deletion of the exposed data, the company has now pledged to reinforce its data protection mechanisms. In future, the company has committed to enhance its customer communication strategy in case of any potential breaches. Furthermore, an external entity will be evaluating Blackbaud’s adherence to the settlement terms for the coming seven years. Notably, Blackbaud did not acknowledge any misconduct based on the agreement’s stipulations. The company has projected the complete payment of the settlement by October.
Indiana is set to receive nearly $3.6m from the settlement, the highest amount earmarked for any state, as shared by Rokita’s office. The U.S. Security’s and Exchange Commission (SEC) also addressed misleading communications by Blackbaud to investors about the nature of the stolen data earlier in March.
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst