It also drew a flurry of litigation after Blackbaud paid the ransom and then downplayed the seriousness of the event. The nonprofit software company agreed to pay California $6.75 million and not to make misleading statements about its data protection. In October, Blackbaud agreed to pay 49 states and the District of Columbia $49.5 million to settle a separate action and has paid $3 million to the SEC. The cases mean Blackbaud blew through its insurance coverage and was on the hook for the rest of the expenses. In the cases, Blackbaud did not admit to any wrongdoing. However, the FTC announcement was the most stinging descriptions saying Blackbaud failed to monitor hacker attempts to breach its networks, segment data to prevent them from easily accessing its networks and databases, ensure unneeded data tis deleted, adequately implement multifactor authentication, and test, review and assess its security controls. It also allowed employees to use default, weak, or identical passwords, according to the FTC.
Estimated reading time: 1 minute, 0 seconds
B’BAUD SETTLES WITH CALIFORNIA Featured
Blackbaud has reached a settlement with the state of California stemming from a 2020 ransomware attack on the company’s data that drew a February statement from the Federal Trade Commission referring to “Blackbaud’s shoddy security and data retention” policies.
Most Read
-
-
May 19 2021
-
Written by BobWScott
-
-
-
May 22 2017
-
Written by mark
-
-
-
May 22 2017
-
Written by BobWScott
-
-
-
May 25 2016
-
Written by mark
-