DANIEL ISLAND, S.C. (WCSC) – Charleston-based software company Blackbaud is facing a security breach that affected nearly one-third of its customers and exposed more than 1 million files containing sensitive data to hackers. It still receives criticism.
Nearly four years after the breach, a legal team of at least 12 people is representing Blackbaud customers who want to file a class action lawsuit against the company over lax security and its handling of the breach.
Lawyers spent days working out the details in federal court. Each side argued that certain requirements must be met before a class action lawsuit can be filed. Blackbaud wants to avoid a major lawsuit, and lawyers for companies affected by the data loss have argued that the impact is too large to ignore and will have lasting consequences.
Blackbaud is a company that sells software to other companies that can be used to store information about customers. Blackbaud primarily sells to businesses focused on social change, including nonprofit organizations, animal shelters, clinics, and schools.
Customers of these companies share information with the Site. Blackbaud software promises to protect all your data, including your address, email, credit card information, social security number, and health information.
However, in May 2020, Blackbaud announced that hackers had infiltrated Blackbaud’s servers and accessed information on 13,000 companies undetected for three months. A lawyer representing the company that paid Blackbaud to store this sensitive data claims that Blackbaud is making light of the situation.
Blackbaud discovered the breach in May 2020 and alerted customers in July 2020. Blackbaud’s own investigation revealed that the breach gave him access to over 1 million files relating to over 13,000 of his Blackbaud customer companies.
Lawyers for the victims argue that Blackbaud knew about the security issues and was negligent and liable for the hack. They said Blackbaud had since been using “sticky keys,” had no encryption policy, did not use multi-factor authentication to access its servers, and had holes in its policies and software that scanned for problems. It also points out that there was no plan to fix it.
Most of these issues were acknowledged by Blackbaud’s own chief information security officer in 2019. He sent a companywide letter noting the need to address these issues and said the company was eight to 10 years behind the curve on security.
The company has already settled lawsuits with attorneys general in 49 states, including South Carolina Attorney General Alan Wilson, for $49.5 million. Blackbaud has also been fined by the FTC and SEC for lax security. Blackbaud faces an ongoing lawsuit from California’s attorney general.
Blackbaud claims that while this breach occurred, the company adequately communicated with its business customers about the breach and provided those companies with a template on how to communicate the breach to their customers as well.
Blackbaud does not claim the breach did not occur, but he opposes the class action lawsuit. They argue that their services are so diverse and customizable that the affected companies are having very disparate impacts and should not be lumped together in a class action under the law. ing.
Blackbaud says its software services range from accounting to fundraising to marketing. In that vein, each client company had the opportunity to choose the software to use and the information to enter into the software. Some enter only his name and email address, while others enter his social security number and health test data.
Federal Judge Joseph Anderson is tasked with determining whether hacking victims can sue the company over a single incident.
Copyright 2024 WCSC. All rights reserved.
