Please ensure Javascript is enabled for purposes ofwebsite accessibility
News
Weather
Cherry Blossom
Radar
Closings
Maps
Hurricane Center
Lunchbox Weather
Weather cameras
First Alert Weather Blog
ABC logo
I Team
Sports
Game Center
Watch

Now

67

Wed

89

Thu

77

DC to receive $350K in settlement with nonprofit service provider over nationwide data breach

by Associated Press

Thu, October 5th 2023 at 6:54 PM
UserWay icon for accessibility widget
D.C. Attorney General Brian Schwalb September 13, 2023 (7News)
D.C. Attorney General Brian Schwalb September 13, 2023 (7News)
Facebook Share IconTwitter Share IconEmail Share Icon

ARLINGTON, Va. (7News) — Washington, D.C. Attorney General Brian Schwalb announced Thursday that the Office of the Attorney General (OAG) – along with 49 other attorneys general – reached a settlement with software company Blackbaud, which provides software to charities and schools.

The fundraising software company agreed to pay $49.5 million to settle claims related to its deficient data security practices and its response to a 2020 ransomware event that exposed the personal information of millions of people across the U.S., including 13,000 nonprofits and thousands of D.C. residents.

D.C. will receive $355,210 under the terms of the settlement.

Health information, Social Security numbers and the financial information of donors or clients of the nonprofits, universities, hospitals and religious organizations that the company serves was the type of data that was exposed in the breach, according to Indiana Attorney General Todd Rokita, who co-led the investigation with Vermont.

Blackbaud, which offers software for fundraising and data management to nonprofits, first publicly acknowledged that an outside actor had gained access to its data on July 16, 2020, but downplayed the extent and sensitivity of the information that had been stolen, the attorneys general said. Over a million files were exposed in the breach.

The company paid the intruder a ransom in exchange for deleting the data.

Blackbaud agreed to strengthen its data security practices, improve customer notification in the event of another breach and to have an outside party assess its compliance with the terms of the settlement for seven years, the settlement said.

The company did not admit any wrongdoing under the terms of the agreement. Blackbaud said in a statement that it expected to pay the full settlement amounts in October.

In March, the U.S. Security's and Exchange Commission said it settled charges against Blackbaud for misleading investors about the nature of the information that was stolen. After initially saying that bank information and Social Security numbers were not accessed in the breach, employees of the company found that it had been but failed to notify senior leaders, the SEC said.

The company agreed to pay a $3 million fine to the SEC but did not admit wrongdoing.

Stay Connected
Facebook Icon
Like Us
Twitter Icon
Follow Us
sbg-envelopeNewsletter Sign up /sign-up
TermsEEOFCCFCCPrivacy PolicyCookie PolicyCookie Preferences
Loading ...