Nevada will receive $559,000 as part of a nationwide settlement with software company Blackbaud. The settlement resolves a lawsuit filed by Nevada Attorney General Aaron Ford and 49 other state attorneys general over deficiencies in Blackbaud’s data security practices and its response to a ransomware attack in 2020 that exposed the personal information of millions of customers nationwide.
Under the terms of the settlement, Blackbaud will improve its data security and breach notification practices and pay the states a combined $49.5 million.
The breach exposed a wide range of personal information, including contact and demographic information, Social Security numbers, driver’s license numbers, financial information, employment and wealth information, donation history, and protected information.
“I don’t want this incident to undermine the benevolence of those who give to charity,” Ford said in a statement. “Donating to a charity or other non-profit organization is an investment of time and money, and consumers that make that investment for the benefit of others should feel confident their sensitive personal information will be protected.”
As part of the settlement, Blackbaud will:
- Prohibit misrepresentations related to the processing, storing, and safeguarding of personal information;
- Implement and maintain incident and breach response plans to prepare for and more appropriately respond to future security incidents and breaches;
- Create breach notification provisions that require Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach;
- Implement security incident reporting to the CEO and Board, enhanced employee training, and appropriate resources and support for cybersecurity;
- Implement personal information safeguards and controls requiring total database encryption and dark web monitoring;
- Put in place specific security requirements with respect to network segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, and penetration testing; and
- Require third-party assessments of Blackbaud’s compliance with the settlement for seven years.
Copyright 2022 775 Times, NV Globe. All rights reserved.
- UNLV President Addresses Final Exams and Commencement Plans Following Tragedy - December 8, 2023
- President Biden Addresses High-Speed Rail Funding in Las Vegas - December 8, 2023
- UNLV: Third Victim Identified in Campus Shooting - December 8, 2023