Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach

The cloud software company, Blackbaud, has come under fire from authorities for its major cybersecurity failings, stemming from a devastating ransomware attack in 2020.
The attack exposed data from numerous educational institutions and non-profits that were clients of Blackbaud, including prominent UK universities and organisations like the National Trust and the Labour Party donors.
The ransomware attack, which began in February 2020 and was detected in May, had severe implications for the affected entities.
Blackbaud delayed notifying victims for almost two months and openly admitted to paying a ransom of 24 bitcoin to the attackers, without verifying the deletion of the compromised data.
The US Federal Trade Commission has issued a complaint against Blackbaud, accusing the company of failing to implement adequate safeguards to protect customer data.
The FTC highlighted Blackbaud's deceptive practices, alleging the company failed to follow recommended incident response best practices, including monitoring unauthorised access attempts, segmenting data, implementing multi-factor authentication, and regularly assessing security controls.
The FTC specifically criticised Blackbaud for retaining customer data beyond necessary periods and allowing its employees to use weak or default passwords.
These lapses enabled the threat actor to move freely within Blackbaud's systems, exploiting vulnerabilities, and accessing unencrypted customer data.
In response to these security breaches, the FTC is proposing an order requiring Blackbaud to delete unnecessary data, refrain from misrepresenting its security practices, and establish a comprehensive cybersecurity program.
The order would also mandate Blackbaud to notify the FTC promptly in case of future breaches.
This isn't the first time Blackbaud has faced consequences for its actions.
The company has previously been penalised by the Securities and Exchange Commission and reached a settlement of $49.5 million with all 50 US states.
Last year, it faced reprimands from the UK's Information Commissioner's Office.
The FTC's complaint emphasises that companies like Blackbaud have a responsibility to secure and manage the data they hold.
As we are assimilating another incident of this margin, it draws on the importance of robust cybersecurity measures and prompt incident response in safeguarding sensitive data.
The proposed FTC order aims to ensure accountability and adherence to best practices, urging Blackbaud to take decisive steps in enhancing its cybersecurity protocols.
This incident serves as a stark reminder to organisations and individuals alike about the critical need for gearing up their security practices in the face of growing cyber threats.
As Blackbaud faces regulatory scrutiny, the broader implications underscore the ongoing challenges and responsibilities associated with protecting sensitive information in the digital age.


This Cyber News was published on www.cysecurity.news. Publication date: Thu, 08 Feb 2024 16:13:04 +0000


Cyber News related to Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach

Blackbaud Faces Criticism for Cybersecurity Lapses After 2020 Data Breach - The cloud software company, Blackbaud, has come under fire from authorities for its major cybersecurity failings, stemming from a devastating ransomware attack in 2020. The attack exposed data from numerous educational institutions and non-profits ...
9 months ago Cysecurity.news
Blackbaud Enhances Security Measures Following FTC Settlement - Blackbaud, a major player in U.S. donor data management, recently settled with the Federal Trade Commission after facing scrutiny for a ransomware attack in May 2020. This attack led to a substantial data breach affecting millions of individuals. The ...
9 months ago Cysecurity.news
FTC orders Blackbaud to boost security after massive data breach - Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based ...
9 months ago Bleepingcomputer.com
FTC to Blackbaud: We're not gonna fine you, but do better The Register - Back in February 2020, according to a formal complaint [PDF] raised by the FTC, criminals broke into Blackbaud's databases, remained undetected for three months, and stole files on about 13,000 of the biz's customers. The intruders extorted the ...
9 months ago Go.theregister.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
6 months ago Feeds.fortinet.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
10 months ago Securityzap.com
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
9 months ago Bleepingcomputer.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
9 months ago Legal.thomsonreuters.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
4 months ago Techtarget.com
Fewer cybersecurity professionals losing their jobs in breach 'blame' game - Cybersecurity job loss after a major incident is becoming less likely as organizations drop the "Blame" game for more practical approaches to breach prevention, a survey of 500 CISOs shows. More than 95% of CISOs reported their teams received greater ...
11 months ago Scmagazine.com
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
11 months ago Securityboulevard.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
10 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
11 months ago Securityzap.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
11 months ago Feeds.dzone.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
10 months ago Securityboulevard.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
10 months ago Securityintelligence.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
9 months ago Securityzap.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
11 months ago Bleepingcomputer.com
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
10 months ago Securityzap.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
AvidXchange Notifies Consumers of Data Breach Following Period of Unauthorized Access - On October 13, 2023, AvidXchange, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that a recent cybersecurity event resulted in an unauthorized party being able to access the company's IT network. In ...
11 months ago Jdsupra.com
Gamification in Cybersecurity Education - Gamification has become increasingly prevalent in numerous domains, including cybersecurity education. Gamification presents a promising approach to meet this challenge, making cybersecurity education both effective and enjoyable. One way to ...
10 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)