Blackbaud Enhances Security Measures Following FTC Settlement

Blackbaud, a major player in U.S. donor data management, recently settled with the Federal Trade Commission after facing scrutiny for a ransomware attack in May 2020.
This attack led to a substantial data breach affecting millions of individuals.
The FTC's concerns revolved around security lapses, including weak passwords and insufficient monitoring of hacking attempts.
The settlement marks a crucial step for Blackbaud, emphasising the need for enhanced security measures and data protection.
The FTC's complaint highlighted various security lapses by Blackbaud, including a failure to monitor hacking attempts, inadequate data segmentation, weak password practices, and a lack of multifactor authentication.
As part of the settlement, Blackbaud is now mandated to enhance its security measures and delete unnecessary customer data from its systems.
One crucial aspect of the settlement requires Blackbaud to establish a data retention schedule, outlining the rationale behind retaining personal data and specifying a timeline for its deletion.
The company is also obligated to promptly notify the FTC in the event of a data breach requiring reporting to relevant authorities.
The FTC alleges that Blackbaud paid a ransom of 24 Bitcoin to the ransomware gang that stole sensitive personal data.
The complaint reveals that the company did not verify whether the hacker actually deleted the stolen data.
The breach, disclosed in July 2020, impacted over 13,000 Blackbaud business customers and their clients across the U.S., Canada, the U.K., and the Netherlands, exposing banking information, social security numbers, and plaintext credentials.
The aftermath of the breach saw Blackbaud facing 23 proposed class-action lawsuits in the U.S. and Canada by November 2020.
In March 2023, the company agreed to pay $3 million to settle SEC charges for failing to disclose the full impact of the ransomware attack.
In October, Blackbaud agreed to a $49.5 million settlement to resolve a multi-state investigation supported by attorneys general from 49 U.S. states.
FTC Chair Lina M. Khan emphasised the severity of Blackbaud's failure to accurately convey the breach's scope, stating that it kept victims in the dark and delayed necessary protective actions.
The settlement not only addresses security measures but also requires Blackbaud to avoid misrepresenting its data security and retention protocols in the future.
This settlement serves as a reminder of the responsibility companies bear in securing and managing the data they handle.
It underscores the importance of robust cybersecurity practices, regular monitoring, and prompt disclosure in the event of a breach.
As we move through our online experiences, these incidents show how important it is for companies to protect data and be clear with their clients and stakeholders.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 04 Feb 2024 17:13:04 +0000


