Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States

Fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by attorneys general of 49 states and Washington, D.C., related to a 2020 data breach. The breach exposed sensitive information from 13,000 nonprofits, including health information, Social Security numbers, and financial data. Blackbaud initially downplayed the extent of the breach but later paid a ransom to the intruder. As part of the settlement, Blackbaud will enhance its data security practices, improve customer notification procedures, and undergo external compliance assessments for seven years. The company did not admit any wrongdoing. Indiana will receive the highest settlement amount of nearly $3.6 million. In March, Blackbaud also settled charges with the SEC for misleading investors about the stolen information.