FTC Finalizes Order with Blackbaud Related to Firm’s Security Failures Leading to a Data Breach

June 10, 2024

 

Washington, DC (Highpoint Digest) – On May 20, 2024, the Federal Trade Commission finalized an order against Blackbaud Inc., settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers, including Social Security and bank account numbers.

In a complaint first announced in February 2024, the FTC charged that the South Carolina firm, which provides data services and financial, fundraising, and administrative software services to companies, nonprofits and others, failed to implement appropriate safeguards to secure and protect the vast amounts of personal data it collects. As a result of these failures, a hacker in early 2020 exploited weaknesses in Blackbaud’s networks. The intrusion went undetected for three months, allowing the hacker to remove massive amounts of unencrypted sensitive consumer data belonging to Blackbaud’s customers. The company waited nearly two months to notify its customers about the breach and then misled consumers about the extent of the data that was initially stolen, according to the complaint.

Under the order, Blackbaud is required to delete data that it no longer needs to provide its products or services and is prohibited from misrepresenting its data security and data retention policies. The order also requires Blackbaud to develop a comprehensive information security program that would address the issues highlighted by the FTC’s complaint and put in place a data retention schedule outlining its data deletion practices. It also requires Blackbaud to notify the FTC if it experiences a future data breach that it is required to report to any other local, state, or federal agency.

It is believed the data breach has affected millions of consumers in the United States. In October 2023, Blackbaud, Inc. agreed to pay a $49.5 million settlement to be divided among all 50 states’ attorneys general.

The hacker was able to obtain consumers’ Social Security numbers and bank account numbers.

Source: FTC
