Home>775Times>Nevada to Receive $559,000 in Nationwide Settlement with Blackbaud

Nevada to Receive $559,000 in Nationwide Settlement with Blackbaud

By TheNevadaGlobeStaff, October 5, 2023 5:10 pm

Nevada will receive $559,000 as part of a nationwide settlement with software company Blackbaud. The settlement resolves a lawsuit filed by Nevada Attorney General Aaron Ford and 49 other state attorneys general over deficiencies in Blackbaud’s data security practices and its response to a ransomware attack in 2020 that exposed the personal information of millions of customers nationwide.

Under the terms of the settlement, Blackbaud will improve its data security and breach notification practices and pay the states a combined $49.5 million.

The breach exposed a wide range of personal information, including contact and demographic information, Social Security numbers, driver’s license numbers, financial information, employment and wealth information, donation history, and protected information.

“I don’t want this incident to undermine the benevolence of those who give to charity,” Ford said in a statement. “Donating to a charity or other non-profit organization is an investment of time and money, and consumers that make that investment for the benefit of others should feel confident their sensitive personal information will be protected.”

As part of the settlement, Blackbaud will:

  • Prohibit misrepresentations related to the processing, storing, and safeguarding of personal information;
  • Implement and maintain incident and breach response plans to prepare for and more appropriately respond to future security incidents and breaches;
  • Create breach notification provisions that require Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach;
  • Implement security incident reporting to the CEO and Board, enhanced employee training, and appropriate resources and support for cybersecurity;
  • Implement personal information safeguards and controls requiring total database encryption and dark web monitoring;
  • Put in place specific security requirements with respect to network segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, and penetration testing; and
  • Require third-party assessments of Blackbaud’s compliance with the settlement for seven years.

Credits: KOLOTV

Copyright 2022 775 Times, NV Globe. All rights reserved.

Print Friendly, PDF & Email
Spread the news:


Leave a Reply

Your email address will not be published. Required fields are marked *