INDIANAPOLIS — Attorney General Todd Rokita announced a $49.5 million multistate settlement with software company Blackbaud, Thursday.
“Nonprofits doing their great work rely and depend on vendors like Blackbaud to protect sensitive and private information,” Attorney General Rokita said. “This type of leak is unacceptable, and we fought back on behalf of Hoosiers.”
A.G. Rokita and the attorney general of Vermont led a coalition of 50 attorney generals to investigate and negotiate a settlement after its reported deficient data security practices and response to a 2020 data breach.
The 2020 breach exposed the personal information of millions of consumers. Under the settlement, Blackbaud has agreed to overhaul its data security and breach notification practices and also make a $49.5 million payment to states.
Blackbaud provides software to various nonprofit organizations, including charities, schools, churches and healthcare organizations.
The customers used their software to connect with donors and manage data about their constituents, including demographic information. Social Security numbers, driver’s license numbers, financial information, donation history, and protected health information were also given to the company.
The information exposed during the 2020 breach impacted over 13,000 of the company’s customers and consumer constituents.
Allegations that Blackbaud violated state consumer protection laws, breach notification laws and HIPAA by failing to implement reasonable security which allowed hackers to access the network were resolved by the settlement.
Under the agreement by the A.G.’s office, Blackbaud has agreed to strengthen its data security and breach notification practices going forward.