Blackbaud Reaches Multimillion-Dollar Agreement with States Over 2020 Ransomware Breach

In a significant development, software provider Blackbaud has reached a multimillion-dollar agreement with attorneys general from 49 states in the United States. This agreement is in connection with the massive ransomware breach that occurred in 2020, which had a profound impact on 13,000 nonprofit customers. Let’s delve into the details of this case and explore the aftermath of the breach.

Legal Action by Attorneys General

Following the ransomware attack, attorneys general from numerous states took legal action against Blackbaud. Their assertion was that the company concealed crucial information regarding the extent of the breach and the volume of records compromised. This legal action reflects the seriousness of the situation and seeks accountability from the software provider.

Extent of the Breach

The magnitude of the breach cannot be overstated, with over one million files compromised by the threat actors responsible. This vast amount of data falling into the wrong hands presents a significant risk to the affected organizations and their stakeholders. The breach has had far-reaching implications across the nonprofit sector.

Blackbaud’s Response and Controversy

In an attempt to retrieve the stolen data, Blackbaud made the controversial decision to pay its extortionists. The company believed it was necessary to obtain assurances that the stolen data had been deleted. However, this move drew heavy criticism from security experts who argued that capitulating to ransom demands only encourages further cyberattacks. Blackbaud’s response to the breach has been widely debated in cybersecurity circles, shining a light on the complexities of dealing with ransomware incidents.

Settlement with the SEC

Aside from the legal action taken by states, Blackbaud also faced scrutiny from the Securities and Exchange Commission (SEC). In a separate case, the SEC alleged that the company’s staff had misled investors regarding the impact of the ransomware breach. As a result, Blackbaud agreed to pay a settlement of $3 million. This case further underscores the need for transparency and accountability in dealing with cyber incidents.

Terms of the Agreement

In the current agreement with the states, Blackbaud has agreed to fortify its data security measures to prevent future breaches. Additionally, the company has committed to improving customer notification procedures in the event of another breach. To ensure compliance, a third-party assessment will assess their adherence to the terms of the settlement for a period of seven years. It is a step towards rebuilding trust and preventing similar incidents in the future.

Affected Organizations

The range of organizations impacted by this breach is extensive, covering hospitals, charities, religious organizations, and numerous universities both within and outside the United States. Some notable affected organizations include University College Oxford, the University of London, Canada’s Ambrose University, the University of York, the Rhode Island School of Design, Human Rights Watch, and mental health charity YoungMinds. The breadth of organizations affected demonstrates the widespread ramifications of this breach in various sectors.

The multimillion-dollar agreement reached between Blackbaud and 49 states is a significant step towards addressing the fallout from the 2020 ransomware breach. While Blackbaud maintains its innocence and denies any wrongdoing, their commitment to fortifying data security and improving customer notification procedures is crucial. The involvement of third-party assessment further ensures compliance over the seven-year assessment period. The incident serves as a stark reminder for organizations to prioritize data security and take proactive measures to mitigate cyber risks. Only by remaining vigilant and continually investing in robust security systems can we protect sensitive data from the growing threat of cybercrime.

Explore more

Bullski Launches Stage One Crypto Presale at Lowest Price

Introduction The recent launch of the Bullski presale on Friday, July 10 at 5pm UTC marks a significant entry point for participants looking for ground-floor opportunities within the Ethereum ecosystem. By opening its first stage at the lowest possible price point, the project invites a detailed examination of its structure, security measures, and long-term viability in an increasingly crowded digital

How Does Your Leadership Pace Shape Your Team’s Culture?

The silent rhythm established by a leader often speaks far louder than the formal mission statements or corporate values posted on the office walls. In a modern corporate environment, the subtle cues of an executive’s daily habits—the time stamps on emails, the frantic energy brought into a Monday morning briefing, or the lack of scheduled downtime—serve as the actual operating

Neeyamo and Darwinbox Partner to Unify Global HR and Payroll

The persistent fragmentation of human capital management systems often forces multinational corporations to navigate a labyrinth of disconnected spreadsheets and regional compliance hurdles that drain operational efficiency. As global markets become increasingly interconnected in 2026, the demand for a unified approach to managing a diverse workforce has moved from a luxury to a fundamental necessity. Neeyamo and Darwinbox have recognized

High Frequency vs. Ultra-Low Latency: A Comparative Analysis

The contemporary landscape of hardware optimization has undergone a seismic shift as manufacturers grapple with the physical limitations of signal integrity, making the pursuit of raw frequency secondary to the mastery of timing precision. This transition occurred during a period of extreme market volatility known as the “RAMmageddon” crisis, where the explosive demand for high-bandwidth memory in the artificial intelligence

How Will AI Redefine Corporate Strategy Toward 2030?

Introduction The rapid evolution of cognitive computing suggests that by the end of the decade, the traditional corporate hierarchy will be fundamentally remapped to prioritize machine intelligence over legacy manual processes. As organizations navigate the complexities of a post-digital era, the integration of artificial intelligence has transitioned from a competitive advantage to an absolute requirement for survival. Corporate strategy no