BlackBaud settles FTC charges on ransomware data breach

Major U.S. cloud software provider Blackbaud has agreed to bolster its security defenses and remove unneeded customer data from its systems to settle charges by the Federal Trade Commission alleging the company's several security failings that resulted in a massive ransomware attack in 2020, reports BleepingComputer. The FTC has also ordered Blackbaud, which paid $250,000 worth of Bitcoin to prevent the exposure of stolen data without verifying hackers' deletion of such information, to establish both an information security program and a data retention schedule, as well as ensure immediate breach notifications to the agency. "Blackbaud's failure to accurately convey the scope and severity of the breach kept victims in the dark and delayed them from taking protective actions, making a bad situation even worse," said FTC Chair Lina Khan and Commissioners Alvaro Bedoya and Kelly Slaughter. Such a development comes months after Blackbaud agreed to settle multi-state charges regarding the breach for $49.5 million.