Data Privacy & Cybersecurity » BlackBaud Admits Failure To Disclose, Pays Million Penalty

BlackBaud Admits Failure To Disclose, Pays $3 Million Penalty

February 12, 2024

BlackBaud Admits Failure To Disclose, Pays $3 Million Penalty

BlackBaud has settled Federal Trade Commission charges of poor security and reckless data retention practices. The charges stemmed from a 2020 data breach and ransomware attack that affected millions of people, according to an article by The Register.

Blackbaud is a NASDAQ-listed company with operations in many countries. The FTC’s complaint alleged that the company “failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls.”

It also allowed employees to use default, weak, or identical passwords for their accounts. Four months after the attack it submitted an 8-K filing that falsely called the risk associated with the stolen information “hypothetical.”

The ransomware gang that stole the personal data was paid 24 Bitcoin worth about $250,000 at the time, but according to the SEC, Blackbaud never verified that the hackers deleted the stolen data.

The settlement includes an FTC order for the company to improve its security, and ensure that it deletes unneeded customer data from all its systems. It is barred from describing its data security and data retention protocols inaccurately.

It is mandated to promptly notify the FTC of any data breach that requires reporting to relevant local, state, or federal agencies.

“Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers. Companies have a responsibility to secure data they maintain and to delete data they no longer need,” said Samuel Levine, Director of FTC’s Bureau of Consumer Protection.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top