Minnesota reaches $780K settlement with Blackbaud over 2020 data breach

WCCO digital update: Morning of Oct. 5, 2023

ST. PAUL, Minn. -- A multi-million dollar settlement has been reached with a software company that failed to reveal a data breach that exposed personal information of millions for months, Minnesota Attorney General Keith Ellison announced Thursday.

In 2020, over 400 terabytes of sensitive data were stolen from Blackbaud, including social security numbers, payment card information and more.

According to the Attorney General's Office, the breach started as early as January 2020 and was not discovered by Blackbaud until at least May 2020. However, the breach was not announced until July 2020, two months later.

MORE NEWS: 3 teenage girls shot in east St. Paul, 1 fatally

Initial notifications of the data breach did not "accurately represent the scope and severity of the breach," Ellison said, adding that the company also refused to provide customers with information on what data had been accessed during the breach.

"This incident reflects one of the worst responses to a data breach I have seen to date," Ellison said. "Businesses that collect personal data need to both ensure that data is protected and respond appropriately to notify consumers if a data breach occurs."

Under the settlement, Blackbaud agreed to strengthen its data security and breach notification practices.

The settlement includes 49 other attorneys general. Minnesota will receive $780,000 of the $49.5 million settlement.

Blackbaud is a software company that serves various nonprofits, such as higher education institutions, K-12 schools, health care organizations and charities.

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.