Carding 4 Carders
After a three-year investigation into the data leak, the final verdict was reached.
A multi-month investigation into the May 2020 cyber incident at Blackbaud, one of the leading cloud computing providers, has ended. The company and the attorneys general of 49 US states reached a settlement in the amount of $49.5 million.
Blackbaud specializes in providing cloud computing software solutions for non-profit organizations: schools, hospitals, charities, and in particular, managing donor databases.
The July 2020 data breach involved highly sensitive data belonging to more than 13,000 Blackbaud business customers and their customers from the United States, Canada, the United Kingdom, and the Netherlands. During the attack, the attackers stole unencrypted banking information, login details and social security numbers. After the attackers claimed that all the stolen data was destroyed, Blackbaud paid a ransom.
The $49.5 million settlement resolves charges that the company violated consumer protection laws, breach notification laws and the Health Insurance Portability and Accountability Act (HIPAA).
As part of the settlement, Blackbaud undertakes to:
- Develop and maintain a security incident response plan;
- Provide appropriate assistance to its customers in the event of a security breach;
- Report security incidents to its chief executive and board of directors, and improve training for its employees;
- Implement safeguards for personal information, including full database encryption and dark web monitoring;
- Strengthen security through network segmentation, patch management, intrusion detection systems, firewalls, access control, logging and monitoring, and penetration testing;
- Allow third-party organizations to evaluate the company's compliance with the terms of the agreement for 7 years.
In a report for the third quarter of 2020, Blackbaud disclosed that at least 43 state attorneys general and the District of Columbia attorney general were investigating the incident. By November 2020, 23 lawsuits seeking consumer class action status had been filed in the United States and Canada in connection with the security incident.
The company also agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC) that the firm did not disclose the full extent of the consequences of the 2020 cyberattack. As a result, the SEC report omitted important details about the full extent of the breach, and also downplayed the potential risks associated with attackers accessing sensitive donor information, which was described as a hypothetical risk.