Blackbaud Fined $6.75M After 2020 Ransomware Attack

Threat actors were able to breach Blackbauds systems and compromise sensitive data, largely because of the companys poor cybersecurity practices and lack of encrypted data, the AG said.

Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney Generals Office to pay $6.75 million to settle a ransomware attack that took place in May 2020.
The attack occurred due to poor security practices, the AGs office said.
After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank account details, and login credentials, the company then made misleading statements about the sufficiency of its data security efforts prior to the breach and about the extent of the breach to its nonprofit customers and the public,
stated the Attorney Generals press release
. These actions violated the Reasonable Data Security Law, Unfair Competition Law, and the False Advertising Law related to data security.
Private information from 13,000 nonprofits, universities, hospitals, and other organizations were compromised through Blackbaud, according to a government-led investigation, leading the company to pay a ransom of 24 bitcoins or $250,000.
The fine is part of a broader set of penalties. Blackbaud initially was fined $3 million in March 2023 before agreeing to a $49.5 million settlement with 49 states and Washington, DC. At the beginning of this year, however, the Federal Trade Commission ordered Blackbaud to also develop an information security program, as well as delete data that is no longer necessary for its services.
The FTC argued
that though the company paid the ransom demanded by the threat actors, it did not take additional steps to ensure that the data was deleted, nor did it step up its security practices, including
implementing multifactor authentication
, monitoring its network, and encrypting sensitive data, among other things.
Not only did Blackbaud fail to protect consumers personal information, but they misled the public of the full impact of the data breach, stated Attorney General Bonta. This is simply unacceptable. Todays settlement will ensure that Blackbaud prioritizes safeguarding consumers personal information and enhances security measures to prevent future incidents.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Blackbaud Fined $6.75M After 2020 Ransomware Attack