Incident Details
Blackbaud, a software company based in South Carolina, has reached a multimillion-dollar agreement to settle claims related to a ransomware attack in 2020. This cyber incident resulted in the exposure of sensitive data belonging to numerous individuals across the United States. South Carolina's Attorney General, Alan Wilson, announced that Blackbaud will pay $49.5 million in response to allegations of breaching state consumer protection and notification laws, as well as violating HIPAA regulations due to inadequate data security measures. Specializing in software that facilitates communication between nonprofit organizations and their donors, Blackbaud handles a variety of personal information including contact details, demographics, Social Security and driver's license numbers, financial records, employment details, donation records, and protected health data. The security breach in 2020 affected approximately 13,000 Blackbaud clients and compromised the personal information of their customers.
Incident
How Did the Breach Happen?
In 2020, a ransomware incident led to the breach.
What Data has been Compromised?
The breached data consists of contact details, demographic information, Social Security numbers, driver's license numbers, financial details, employment and financial status details, donation records, and confidential health information.
Why Did the company's Security Measures Fail?
The states claimed in the settlement that the company's security measures were unsuccessful due to their failure to enforce adequate data security measures.
What Immediate Impact Did the Breach Have on the company?
The breach promptly resulted in the disclosure of private data belonging to millions of customers, resulting in legal proceedings initiated by the states and a settlement amounting to millions of dollars.
How could this have been prevented?
The breach could have been avoided if appropriate data security measures had been put in place.
What have we learned from this data breach?
The data breach has underscored the significance of enforcing robust data security protocols to safeguard personal data.
Summary of Coverage
In the year 2020, a software company from South Carolina known as Blackbaud faced a ransomware attack, leading to the unauthorized access of personal data belonging to a large number of individuals. This security breach prompted legal repercussions at the state level, resulting in a significant financial settlement. The compromised data encompassed various details such as contact information, demographics, as well as sensitive data like Social Security numbers and protected health information. Implementation of adequate data security protocols could have averted this breach. This occurrence highlights the critical necessity of strong data security practices in safeguarding personal information.