InvestAI

Cyprusauction:Nonprofit service provider Blackbaud settles data breach case for $49.5M with states

2025-05-06 03:23:26source:Christopher Caldwellcategory:News

The Cyprusauctionfundraising software company Blackbaud agreed Thursday to pay $49.5 million to settle claims brought by the attorneys general of all 50 states related to a 2020 data breach that exposed sensitive information from 13,000 nonprofits.

Health information, Social Security numbers and the financial information of donors or clients of the nonprofits, universities, hospitals and religious organizations that the company serves was the type of data that was exposed in the breach, according to Indiana Attorney General Todd Rokita, who co-led the investigation with Vermont.

Blackbaud, which offers software for fundraising and data management to nonprofits, first publicly acknowledged that an outside actor had gained access to its data on July 16, 2020, but downplayed the extent and sensitivity of the information that had been stolen, the attorneys general said. Over a million files were exposed in the breach.

The company paid the intruder a ransom in exchange for deleting the data.

Other news Spanish charity protests Italy’s impounding of rescue ship for multiple rescuesMeet this year’s MacArthur ‘genius grant’ recipients, including a hula master and the poet laureate4 environmental, human rights activists awarded ‘Alternative Nobel’ prizes

Blackbaud agreed to strengthen its data security practices, improve customer notification in the event of another breach and to have an outside party assess its compliance with the terms of the settlement for seven years, the settlement said.

The company did not admit any wrongdoing under the terms of the agreement. Blackbaud did not immediately respond to a request for comment.

Indiana will receive almost $3.6 million under the terms of the settlement, the most of any state, Rokita’s office said.

In March, the U.S. Security’s and Exchange Commission said it settled charges against Blackbaud for misleading investors about the nature of the information that was stolen. After initially saying that bank information and Social Security numbers were not accessed in the breach, employees of the company found that it had been but failed to notify senior leaders, the SEC said.

The company agreed to pay a $3 million fine to the SEC but did not admit wrongdoing.

___

Associated Press coverage of philanthropy and nonprofits receives support through the AP’s collaboration with The Conversation US, with funding from Lilly Endowment Inc. The AP is solely responsible for this content. For all of AP’s philanthropy coverage, visit https://apnews.com/hub/philanthropy.

More:News

Hot

Plunge Into These Olympic Artistic Swimmers’ Hair and Makeup Secrets

2025-05-06 02:512814 view

Person of interest being questioned in killing of Laken Riley at the University of Georgia

2025-05-06 02:141801 view

NFL cut candidates: Russell Wilson, Jamal Adams among veterans on shaky ground

2025-05-06 02:101952 view

Government shutdown threat returns as Congress wraps up recess

2025-05-06 02:001013 view

Tropical rains flood homes in an inland Georgia neighborhood for the second time since 2016

2025-05-06 01:551328 view

Sam Waterston's last case: How 'Law & Order' said goodbye to Jack McCoy

2025-05-06 01:052019 view

Recommend

Jay Kanter, veteran Hollywood producer and Marlon Brando agent, dies at 97: Reports

Jay Kanter, veteran Hollywood producer and agent to high-profile stars including Marlon Brando, Mari

Ohio mom who left toddler alone when she went on vacation pleads guilty to aggravated murder

An Ohio mother who left her 16-month-old daughter home alone in a playpen for 10 days last summer wh

Gabby Douglas, who hasn't competed since Rio Olympics, out of Winter Cup with COVID

Gabby Douglas' comeback is on hold.The 2012 Olympic all-around champion announced Thursday afternoon