Security News > 2024 > February > FTC orders Blackbaud to boost security after massive data breach
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people.
The FTC's complaint alleges that the company "Failed to monitor attempts by hackers to breach its networks, segment data to prevent hackers from easily accessing its networks and databases, ensure data that is no longer needed is deleted, adequately implement multifactor authentication, and test, review and assess its security controls" and "Allowed employees to use default, weak, or identical passwords for their accounts."
Blackbaud will also be barred from inaccurately portraying its data security and data retention protocols and will be required to create an information security program designed to rectify the concerns outlined in FTC's complaint.
"Blackbaud's shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers. Companies have a responsibility to secure data they maintain and to delete data they no longer need," said Samuel Levine, Director of FTC's Bureau of Consumer Protection.
The FTC says that Blackbaud paid the ransomware gang that stole the personal data belonging to millions of people from its systems a ransom of 24 Bitcoin after the attackers threatened to leak the stolen data online.
Blackbaud disclosed the breach in July 2020 and later revealed that it impacted data belonging to over 13,000 Blackbaud business customers and their clients from the U.S., Canada, the U.K., and the Netherlands, including banking information, social security numbers, and plaintext credentials.
News URL
Related news
- Interbank confirms data breach following failed extortion, data leak (source)
- How to Effectively Manage a Data Breach (source)
- Amazon confirms employee data breach after vendor hack (source)
- HIBP notifies 57 million people of Hot Topic data breach (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- US space tech giant Maxar discloses employee data breach (source)
- Fintech giant Finastra investigates data breach after SFTP hack (source)
- Bologna FC confirms data breach after RansomHub ransomware attack (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Texas Tech University System data breach impacts 1.4 million patients (source)