Blackbaud settles with FTC after that IT breach exposed millions of people's info

2024-02-02 21:12

Blackbaud, which had data on millions of people stolen from it by one or more crooks, has promised to shore up its IT defenses in a proposed deal with the FTC. In announcing the draft settlement, the US watchdog's boss Lina Khan, Commissioner Rebecca Slaughter, and Commissioner Alvaro Bedoya blasted Blackbaud - a cloud software provider for schools, charities, and other orgs - for its "Unfair and deceptive data security practices" in a statement [PDF].

"The FTC charges that Blackbaud's reckless data retention practices rendered its security failures much more costly: by hoarding reams of data that it did not reasonably need, Blackbaud's breach exposed far more data," they said.

"Moreover, Blackbaud's notification alerting victims of the breach included false statements, which Blackbaud did not correct until months later - and months after it knew the statements were false."

The intruders extorted the software maker, and Blackbaud allegedly agreed to pay the miscreants about $235,000 to quietly go away and delete any pilfered documents, according to the FTC complaint.

Blackbaud wasn't able to verify that the crims really did scrap the swiped data.

A Blackbaud spokesperson told The Register the company neither admits nor denies any of the FTC's allegations in its proposed settlement, which is awaiting final sign-off from the regulator.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/02/ftc_blackbaud_settlement/

#breach #FTC