Blackbaud to Pay States $49.5 Million to End Probe of 2020 Ransomware Incident

October 5, 2023

State attorneys general were busy Thursday announcing their share of a $49.5 million settlement with software company Blackbaud related to a 2020 ransomware event that exposed the data of millions of people across the U.S.

Blackbaud said it reached the settlement with 49 states and the District of Columbia to end an investigation into a cyber incident announced in July 2020. The company said it has also agreed to “comply with applicable laws, not to make misleading statements related to its data protection, privacy, security, confidentiality, integrity, breach notification requirements and similar matters and to implement and improve certain cybersecurity programs and tools.”

Charleston, South Carolina-based Blackbaud said it expects to pay the full settlement in October from its existing liquidity.

The attorney general of California did not participate in the multistate investigation and has an unresolved civil demand with Blackbaud, which provides donor-relationship software to nonprofit organizations such as charities, school districts, colleges and universities, and religious organizations.

The other attorneys general alleged Blackbaud violated state consumer protection and breach notification laws as well as the federal Health Insurance Portability and Accountability Act (HIPAA). Blackbaud discovered the data breach, which affected more than 10,000 software customers and exposed personally identifiable information of millions of people, on May 14, 2020, but did not disclose the incident for two months, the attorneys general said.

“Firms that sell software as a service have an obligation to safeguard it at the highest level and must be immediately forthcoming and proactive if a cybertheft does occur,” said New Jersey Attorney General Matthew J. Platkin in a statement.

“Nonprofits doing their great work rely and depend on vendors like Blackbaud to protect sensitive and private information,” Indiana Attorney General Todd Rokita said. “This type of leak is unacceptable.”

Indiana and Vermont led the multistate investigation.
