Blackbaud Data Breach

Data breaches are an ever-growing danger as our world becomes increasingly digitized. That’s why it’s of paramount importance for companies storing sensitive information to have the strongest security possible against cybercrimes. Unfortunately, it still happens time and again: lax security measures allow individuals’ and companies’ information to be compromised, threatening their financial security and identity.

The 2020 ransomware attack against Blackbaud is particularly distressing, because it impacted numerous foundations and healthcare organizations that store people’s medical records and contact information. The situation was made potentially worse, because the cloud software company waited months to publicly announce the data breach – leaving many customers in the dark and unable to act immediately to protect their information. A list of organizations affected by the breach can be found here.

In a ransomware attack, cybercriminals infiltrate a company’s system, lock down and make copies of sensitive data, and charge a ransom to give it back. Blackbaud’s announcement explains that it managed to prevent the cybercriminal from blocking system access and fully encrypting files. However, the hackers were able to steal a copy of some data from Blackbaud’s self-hosted environment. Blackbaud paid the ransom to have the copy removed and destroyed.

The attack occurred between February and May 2020 and affected several nonprofits and healthcare companies, including California-based Enloe Medical Center. While Blackbaud claims that the cybercriminal did not access social security numbers or credit card or bank account information, personal information including names, contact information, and medical records were compromised. And while the company says there is no reason to believe the data was misused or made publicly available, there is still much uncertainty about the breach.

We at CaseyGerry take companies to task when they allow hackers to compromise the security of the people and companies that trusted them. Our adversaries have been some of the largest corporations in the world. Firm partner Gayle M. Blatt served on the Executive Committee in a class action against Yahoo! concerning three separate data breaches, a case that in July 2019 received preliminary approval of a $117 million settlement. Additionally, Gayle helped lead the $15 million class action against Sony Computer Entertainment America involving a breach that violated users’ privacy rights and exposed them to the risk of identity theft. Our firm stands up to negligent companies – no matter how big and powerful they are – because they must take responsibility for their actions.

The lawyers at CaseyGerry have been successfully representing injured plaintiffs for more than 70 years. If you received a notice that your organization’s information may have been compromised in the Blackbaud data breach, contact us for free, no-obligation consultation to discuss protecting your legal rights, or submit an inquiry here.