Blackbaud’s Latest Data Breach Settlement
Four years since the event, Blackbaud is continuing to pay for its 2020 data breach. Most recently, they are now settling against charges of violations of HIPAA and California data security laws, which led to its breach. An incident in which hackers gained access to internal systems and personal data (including Social Security numbers, bank account information, and medical information), the breach also demonstrated what can happen when a company doesn’t promptly notify its customers. California authorities launched an investigation, discovering numerous vulnerabilities the hackers could exploit: lack of monitoring of suspicious behavior, no multifactor authentication, questionable data retention/disposal standards, and just insufficient security practices overall (which the company had previously misrepresented).
In the end, Blackbaud has paid quite a few fines. An almost $50 million settlement was agreed in 2023 between Blackbaud and all but one of the American states (including DC). This year also had them settle with the Federal Trade Commission (FTC) to delete all unnecessary data.
Now, it’s a $6.75 million penalty. This doesn’t count the numerous individual lawsuits the company continues to fend off. Blackbaud also has been ordered to strengthen their data security practices through system monitoring, improved incident response, better password security such as multifactor authentication, and responsible disposal policies for when data is no longer to be stored.
We have no shortage of breaches whose ripples continue to impact their targets long after the initial time frame. The past couple of years alone have had the MOVEit breach constantly in the news; the Snowflake breach has impacted numerous connected entities from Ticketmaster to Advanced Auto Parts. It has been similarly difficult to ignore the various reverberations of the SolarWinds hack a few years ago, originating from Russian hackers striking at US government agencies through an IT security vendor. These soft spots in the supply chain created headlines for months and years.
Letting cyber criminals into one’s internal systems is, it should go without saying, a must not. People’s vital data, such as Social Security numbers, can be used in numerous fraudulent activities, from identity theft to tax fraud, all of which make such a prolonged headache for the individual.
NetLib Security’s Encryptionizer product provides protection of stored data (and such headaches), transparently encrypting databases with no new hardware or programming required. When hackers eventually break in, ensure that they cannot simply make off with stolen data—your most important asset—for future fraud.