Major cloud software provider Blackbaud has agreed to pay $49.5 million to 49 U.S. states to resolve allegations that it violated consumer protection and breach notification laws, as well as the Health Insurance Portability and Accountability Act, violations that resulted in a massive ransomware attack in 2020, reports BleepingComputer.
More than 13,000 of Blackbaud's business customers and clients in the U.S., Canada, the Netherlands, and the U.K. had their login credentials, unencrypted banking data, and Social Security numbers compromised due to the attack.
Aside from paying the $49.5 million settlement, Blackbaud has also been compelled to ensure breach response plan implementation, inform executives regarding security incidents, strengthen employee cybersecurity training, bolster personal information security controls, enhance network defenses, permit third-party evaluations of settlement compliance for the next seven years, and offer breach assistance if needed.
"Carelessness cannot justify the compromise of consumer data. Companies must be committed to safeguarding personal information, meeting consumers' rightful expectations of data privacy and protection," noted Ohio Attorney General Dave Yost.