{"id":4098,"date":"2024-06-18T14:53:36","date_gmt":"2024-06-18T19:53:36","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/blackbaud-fined-6m-after-2020-ransomware-attack"},"modified":"2024-06-18T14:53:36","modified_gmt":"2024-06-18T19:53:36","slug":"blackbaud-fined-6-75m-after-2020-ransomware-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/18\/blackbaud-fined-6-75m-after-2020-ransomware-attack\/","title":{"rendered":"Blackbaud Fined $6.75M After 2020 Ransomware Attack"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt9caf0985c2155df7\/6671e0cc8d795c10bbf72836\/blackbaud_SOPA_Images_Limited_alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney General&#8217;s Office to pay $6.75 million to settle a ransomware attack that took place in May 2020.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The attack occurred due to poor security practices, the AG&#8217;s office said.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank account details, and login credentials, the company &#8220;then made misleading statements about the sufficiency of its data security efforts prior to the breach and about the extent of the breach to its nonprofit customers and the public,&#8221; <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-secures-675-million-settlement-against-blackbaud-over\" rel=\"noopener\">stated the Attorney General&#8217;s press release<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. &#8220;These actions violated the Reasonable Data Security Law, Unfair Competition Law, and the False Advertising Law related to data security.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Private information from 13,000 nonprofits, universities, hospitals, and other organizations were compromised through Blackbaud, according to a government-led investigation, leading the company to pay a ransom of 24 bitcoins or $250,000.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The fine is part of a broader set of penalties. Blackbaud initially was fined $3 million in March 2023 before agreeing to a $49.5 million settlement with 49 states and Washington, DC. At the beginning of this year, however, the Federal Trade Commission ordered Blackbaud to also develop an information security program, as well as delete data that is no longer necessary for its services.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyber-risk\/ftc-issues-5-6m-in-refunds-to-customers-after-ring-privacy-settlement\" rel=\"noopener\">The FTC argued<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that though the company paid the ransom demanded by the threat actors, it did not take additional steps to ensure that the data was deleted, nor did it step up its security practices, including <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/cisco-duo-multifactor-authentication-service-breached\" rel=\"noopener\">implementing multifactor authentication<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, monitoring its network, and encrypting sensitive data, among other things.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Not only did Blackbaud fail to protect consumers&#8217; personal information, but they misled the public of the full impact of the data breach,&#8221; stated Attorney General Bonta. &#8220;This is simply unacceptable. Today&#8217;s settlement will ensure that Blackbaud prioritizes safeguarding consumers&#8217; personal information and enhances security measures to prevent future incidents.&#8221;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/blackbaud-fined-6m-after-2020-ransomware-attack\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blackbaud, a South Carolina-based software company, has been ordered by<\/p>\n","protected":false},"author":12,"featured_media":4099,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4098","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=1800%2C1013&ssl=1",1800,1013,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=1800%2C1013&ssl=1",1800,1013,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/blackbaud-fined-6-75m-after-2020-ransomware-attack.jpg?fit=1800%2C1013&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4098"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4098\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4099"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}