In response to a significant 2020 ransomware assault, Florida Attorney General Ashley Moody spearheaded a multistate lawsuit against Blackbaud and obtained $49.5 million from the software provider.
Millions of Americans’ personal information is thought to have been compromised by the hack.
In order to reinforce and improve consumer data protection, Blackbaud must review its data security and breach reporting procedures in light of the action.
Additionally, Blackbaud must give the states $49.5 million, of which Florida will get more than $3 million.
In the news: Conservative Group Releases Ad In Florida Slamming Rep. Gaetz For “Voting With Dems”
“We are holding Blackbaud, an international software company, accountable for a massive ransomware attack that compromised the personal information of potentially millions of consumers across the country, including those donating to charities, health care organizations, and other nonprofits. Now, we’ve secured more than $49 million, and the company must take steps to ensure customers’ personal data is protected,” said Moody.
Blackbaud, a South Carolina-based international business, provides software to various nonprofit organizations.
These organizations include charities, K–12 schools, further education establishments, health care providers, religious organizations, and cultural organizations. Customers of Blackbaud utilize the company’s software to communicate with donors and handle personal data, such as protected health information, Social Security and driver’s license numbers, financial data, employment and wealth details, and donation histories.
The 2020 data breach, which affected over 13,000 Blackbaud clients and its donors, made this extremely sensitive information public.
Last week’s action resolves allegations that Blackbaud violated state consumer protection laws, breach notification laws, and the Health Insurance Portability and Accountability Act by failing to implement reasonable data security and remediate known security gaps.
In the news: Israel To Take “Significant Military Steps” Against Hamas Terrorists As Death Toll Rises
In addition, Blackbaud must now strengthen its data security and breach notification practices going forward. The company will implement:
- Personal information safeguards and controls requiring total database encryption and dark web monitoring;
- Incident and breach response plans to prepare for and more appropriately respond to future security incidents and breaches;
- Breach-notification provisions that require Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach
- Security-incident reporting to the CEO and Board, enhanced employee training, and appropriate resources and support for cybersecurity
Florida, represented by the Florida Attorney General’s Office Consumer Protection Division Multistate and Privacy Bureau Chief Patrice Malloy and Senior Assistant Attorney General Henry Johnson, played a leading role in this investigation.
The following districts and states took part in the inquiry as well: Alaska, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.
Android Users, Click To Download The Free Press App And Never Miss A Story. Follow Us On Facebook and Twitter. Signup for our free newsletter.
We can’t do this without your help; visit our GiveSendGo page and donate any dollar amount; every penny helps