A software company that had a data breach that exposed the information of thousands of nonprofits will pay nearly $50 million in a multi-state settlement.
Indiana Attorney General Todd Rokita led the settlement agreement with Blackbaud and the Hoosier State will get the most money: $3.6 million.
"While it doesn’t make up for Blackbaud’s negligence, I am glad we have held them accountable for their actions," Rokita said.
Blackbaud provides software to nonprofits such as charities, schools and health care groups. The software helps those organizations connect with donors, managing data that includes financial information, Social Security numbers and health information.
Read more: IU reports records exposed in data breach are public domain
In May 2020, Blackbaud experienced a data breach, putting at risk the information of more than 13,000 customers. It didn’t begin notifying those customers of the breach until July 2020.
Rokita led a group of 50 attorneys general to investigate the breach, alleging that beyond failing to properly notify its customers, Blackbaud also lacked adequate safety measures.
In addition to paying $49.5 million under the settlement, the company will also implement new breach notification and data security programs.
Brandon is our Statehouse bureau chief. Contact him at bsmith@ipbs.org or follow him on Twitter at @brandonjsmith5 .
