Blackbaud Reaches Multimillion-Dollar Agreement with States Over 2020 Ransomware Breach

In a significant development, software provider Blackbaud has reached a multimillion-dollar agreement with attorneys general from 49 states in the United States. This agreement is in connection with the massive ransomware breach that occurred in 2020, which had a profound impact on 13,000 nonprofit customers. Let’s delve into the details of this case and explore the aftermath of the breach.

Legal Action by Attorneys General

Following the ransomware attack, attorneys general from numerous states took legal action against Blackbaud. Their assertion was that the company concealed crucial information regarding the extent of the breach and the volume of records compromised. This legal action reflects the seriousness of the situation and seeks accountability from the software provider.

Extent of the Breach

The magnitude of the breach cannot be overstated, with over one million files compromised by the threat actors responsible. This vast amount of data falling into the wrong hands presents a significant risk to the affected organizations and their stakeholders. The breach has had far-reaching implications across the nonprofit sector.

Blackbaud’s Response and Controversy

In an attempt to retrieve the stolen data, Blackbaud made the controversial decision to pay its extortionists. The company believed it was necessary to obtain assurances that the stolen data had been deleted. However, this move drew heavy criticism from security experts who argued that capitulating to ransom demands only encourages further cyberattacks. Blackbaud’s response to the breach has been widely debated in cybersecurity circles, shining a light on the complexities of dealing with ransomware incidents.

Settlement with the SEC

Aside from the legal action taken by states, Blackbaud also faced scrutiny from the Securities and Exchange Commission (SEC). In a separate case, the SEC alleged that the company’s staff had misled investors regarding the impact of the ransomware breach. As a result, Blackbaud agreed to pay a settlement of $3 million. This case further underscores the need for transparency and accountability in dealing with cyber incidents.

Terms of the Agreement

In the current agreement with the states, Blackbaud has agreed to fortify its data security measures to prevent future breaches. Additionally, the company has committed to improving customer notification procedures in the event of another breach. To ensure compliance, a third-party assessment will assess their adherence to the terms of the settlement for a period of seven years. It is a step towards rebuilding trust and preventing similar incidents in the future.

Affected Organizations

The range of organizations impacted by this breach is extensive, covering hospitals, charities, religious organizations, and numerous universities both within and outside the United States. Some notable affected organizations include University College Oxford, the University of London, Canada’s Ambrose University, the University of York, the Rhode Island School of Design, Human Rights Watch, and mental health charity YoungMinds. The breadth of organizations affected demonstrates the widespread ramifications of this breach in various sectors.

The multimillion-dollar agreement reached between Blackbaud and 49 states is a significant step towards addressing the fallout from the 2020 ransomware breach. While Blackbaud maintains its innocence and denies any wrongdoing, their commitment to fortifying data security and improving customer notification procedures is crucial. The involvement of third-party assessment further ensures compliance over the seven-year assessment period. The incident serves as a stark reminder for organizations to prioritize data security and take proactive measures to mitigate cyber risks. Only by remaining vigilant and continually investing in robust security systems can we protect sensitive data from the growing threat of cybercrime.

Explore more

Ethereum’s Fragile Recovery Faces Resistance and Low Demand

The Ethereum ecosystem is currently navigating a treacherous landscape where price action struggles to align with the technical milestones achieved during the most recent network upgrades. While the shift to a more scalable architecture was intended to invite a surge of institutional and retail capital, the reality in 2026 shows a market plagued by indecision and a noticeable lack of

macOS 28 Drops Support for Encrypted Mac OS Extended Volumes

The landscape of digital storage has shifted dramatically over the past decade, leaving legacy file systems struggling to keep pace with the rigorous security demands of modern computing environments. With the release of macOS 28, the long-standing compatibility for encrypted Mac OS Extended (HFS+) volumes has officially reached its end of life, signaling a definitive transition toward the more robust

CapCut Named 2026 Leader in AI Social Media Content Creation

The rapid evolution of generative artificial intelligence has fundamentally altered the digital landscape, shifting the burden of high-quality video production from specialized studios to the palm of every creator’s hand across the globe. By mid-2026, the demand for short-form content reached an all-time high, necessitating tools that could keep pace with the volatile trends of social media algorithms. CapCut emerged

How Will AI and RPA Shape Desktop Automation in 2026?

The integration of cognitive computing with traditional robotic process automation has fundamentally altered the way desktop environments operate across global industries today. No longer confined to the rigid, rule-based scripts of previous cycles, modern automation tools now serve as dynamic, goal-oriented assistants capable of navigating the intricacies of fragmented software landscapes. This shift has allowed organizations to bridge the significant

UiPath Navigates AI Pivot Amid Market Skepticism

The transition from legacy robotic process automation to a sophisticated, agent-centric architecture has forced enterprise software giants to fundamentally rethink their value propositions in an era defined by autonomous reasoning. This paradigm shift represents more than a mere software update; it is a complete structural overhaul that seeks to bridge the gap between simple task execution and complex cognitive decision-making.