Amongst the flurry of recent data breaches, a few household names might catch your eye – such as Dickey’s BBQ or Kylie Cosmetics. However, some of the most pervasive and potentially damaging cybersecurity incidents remain largely under the public radar despite their massive reach.
The Blackbaud ransomware attack may prove to be one of the most extensive, complex data breaches of 2020, as the list of affected organizations (and individuals) continues to grow months after the incident was first discovered. One such recent addition is Stetson University.
Blackbaud is one of the world’s largest cloud-based technology vendors that provides services for nonprofits, foundations, corporations, educational institutions and healthcare organizations. Headquartered in Charleston, South Carolina, the company reports over 45,000 customers in over 100 countries, including the United States, the United Kingdom, Australia and Canada. Its market capitalization is $3.2 billion on reported revenue of $908 million.
On May 20, 2020, Blackbaud discovered a hack on its self-hosted environment that allowed the theft of sensitive personal information of client donors, potential donors, patients, community members with relationships with entities and other individuals tied to affected organizations. The security incident began on February 7, 2020 and continued until it was discovered in May.
In mid-August, Blackbaud began notifying clients that were impacted by the ransomware attack. Initially, the vendor claimed that highly confidential data, such as banking information, was not at risk. However, further forensic investigation suggested otherwise for some customers. Blackbaud began updating affected clients of this development on September 27, 2020.
Compromised data varies by entity and collectively includes:
Blackbaud reportedly paid the ransom demand and claims to have obtained confirmation that the stolen data has been destroyed. Unfortunately, according to industry experts, ransomware actors generally cannot be relied on to destroy data as promised, so exposed personal information may still lead to further security issues, including identity theft and fraud.
It is unknown how many of Blackbaud’s 45,000 non-profit and government customers were impacted. The largest known client involved in the breach is Inova Health System in Virginia with 1.05 million individuals affected.
Blackbaud clients who have released public statements and/or formal notices of data breach include:
In response to the massive data breach, at least 10 separate class-action lawsuits have been filed against Blackbaud, including in the U.S. District Court of South Carolina, the U.S. District Court Western District of Washington and the California Central District Court. A motion has been filed to consolidate these lawsuits into one.
If you received a NOTICE OF DATA BREACH for one of these data breaches and a class action lawsuit has been filed, you will be included automatically in the class unless you opt-out and no further action will be required by you. Class members have a passive role throughout class action litigation. If the lawsuit is successful, all class members receive equal compensation which is awarded to all class members, regardless of the degree of harm they suffered.
I really love that law firm. They were on their job. They took care of me very well, and I highly recommend that law firm for any of your doings. I just wanna thank Josh and his crew for helping me all that they have. Done for me and my family.
Thank you to the Staff at Arnold Law Firm! This was my 3rd time using their services for different needs. Each time has been a smooth, honest and professional experience. They have provided me with guidance & consulting services to reach a positive outcome. Each time I have been pleasantly surprised! Thank you Arnold Law Firm! 🤗A very special Thank You to Sal, Dominic & Jeff! 🤗🤗🤗
They always keep me up to date on my case. I also felt it was done in a timely manner!
Arnold Law firm provided me with an amazing experience. They were super communicative and assisted me with any needs or questions that I had during my journey to recovery and through financial hardship due to my car accident. I was hit by an uninsured motorist and would have been completely overwhelmed by all of the bills, paperwork, insurance nuances, and legal action needed. Jesus Garcia was an absolute pleasure to work with and I couldn’t be happier with the results.
Met with a lawyer who is taking care of my wife's potential lawsuit. He was nice and his assistant is really on top of things.I'd recommend them if you need representation. No upfront costs and reasonable expectations when suit is settled.