Home Fifty states to receive $49.5M settlement from software company in data breach
Local

Fifty states to receive $49.5M settlement from software company in data breach

Rebecca Barnabi
cybersecurity
(© Pixels Hunter – stock.adobe.com)

Fifty state attorneys general have reached a settlement with software company Blackbaud for deficient data security practices.

In 2020, a ransomware event exposed the personal information of millions of American consumers. Blackbaud agreed to overhaul its data security and breach notification practices and make a $49.5 million payment to the states.

Virginia will receive $1,028,087.00 from the settlement.

“Businesses and firms that collect and secure personal information have a responsibility to ensure that it doesn’t fall into the wrong hands. They have an added duty to promptly report and handle data breaches when they occur,” Virginia Attorney General Jason Miyares said. “This settlement will help restore consumers’ confidence that their personal information will be better prioritized and protected moving forward.”

Blackbaud provides software to various nonprofit organizations, including charities, higher education institutions, K-12 schools, healthcare organizations, religious organizations and cultural organizations. Customers use Blackbaud’s software to connect with donors and manage data about their constituents, including contact and demographic information, Social Security numbers, driver’s license numbers, financial information, employment and wealth information, donation history and protected health information. The highly sensitive information was exposed during the 2020 data breach and impacted more than 13,000 Blackbaud customers and their respective consumer constituents.

The settlement resolves allegations that Blackbaud violated state consumer protection laws, breach notification laws and HIPAA by failing to implement reasonable data security and remediate known security gaps. Blackbaud then failed to provide customers with timely, complete or accurate information regarding the breach, as required by law.

Under the settlement, Blackbaud has agreed to strengthen its data security and breach notification practices going forward, including:

  • Prohibition against misrepresentations related to the processing, storing and safeguarding of personal information; the likelihood that personal information affected by a security incident may be subject to further disclosure or misuse; and breach notification requirements under state law and HIPAA.
  • Implementation and maintenance of incident and breach response plans to prepare for and more appropriately respond to future security incidents and breaches.
  • Breach notification provisions that require Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach.
  • Security incident reporting to the CEO and Board, enhanced employee training and appropriate resources and support for cybersecurity.
  • Personal information safeguards and controls requiring total database encryption and dark web monitoring.
  • Specific security requirements with respect to network segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, and penetration testing.
  • Third-party assessments of Blackbaud’s compliance with the settlement for seven years.

Support AFP




Latest News

john mcguire
U.S. & World

John McGuire takes lead on birthright citizenship with new legislation

tony schiavone aew
Etc.

AEW ‘Dynamite’ returns to Norfolk for Wednesday, Sept. 16 show

Tony Khan must have had a decent time in Roanoke the other night, because he’s bringing AEW back to Virginia for a live “Dynamite” broadcast emanating out of the Chartway Arena on the campus of ODU in Norfolk on Wednesday, Sept. 16.

police car
Local

RISE Greene County to raise issue at BOS meeting with Sheriff’s Office working with ICE

A community group in Greene County is hoping to pack the chambers for tonight’s Greene County Board of Supervisors meeting to raise issue with the Greene County Sheriff’s Office partnership with ICE.

waynesboro map
Local

Developing: Waynesboro Schools superintendent rumored to be considering retirement

power line workers
Virginia

Ghazala Hashmi takes leadership role on state review of proposed NextEra-Dominion merger

kyle guy
Basketball

UVA Basketball: Kyle Guy signs two-year deal with Spanish club team

charlottesville map
Local

Charlottesville: Market Street Parking Garage operating at reduced capacity