The FTC’s full report makes shocking reading
(PDF URL) #CoSoSec
https://www.ftc.gov/system/files/ftc_gov/pdf/Blackbaud-Complaint.pdf
Blackbaud "failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls" and that it "allowed employees to use default, weak, or identical passwords for their accounts."
@ecksmc Failed to monitor attempts by hackers to break in…so they didn’t essentially lock any doors and invited in fraudsters, liars and thieves. Keeps happening everywhere you look. Smh
As part of a settlement with the FTC, Blackbaud has been ordered to harden its security and delete unnecessary customer data.
https://www.ftc.gov/news-events/news/press-releases/2024/02/ftc-order-will-require-blackbaud-delete-unnecessary-data-boost-safeguards-settle-charges-its-lax
Last year, Blackbaud agreed to pay a $3 million charge from the SEC for misleading disclosures about its ransomware attack.
https://www.sec.gov/news/press-release/2023-48
Blackbaud agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 US states and Washington DC.
https://apnews.com/article/blackbaud-data-breach-settlement-dba8fac12af30f74691c7af4fec69a14