Software company agrees to pay nearly $50 million in multi-state, data breach settlement

A software company that had a data breach that exposed the information of thousands of nonprofits will pay nearly $50 million in a multi-state settlement.

Indiana Attorney General Todd Rokita led the settlement agreement with Blackbaud and the Hoosier State will get the most money: $3.6 million.

“While it doesn’t make up for Blackbaud’s negligence, I am glad we have held them accountable for their actions,” Rokita said.

Blackbaud provides software to nonprofits such as charities, schools and health care groups. The software helps those organizations connect with donors, managing data that includes financial information, Social Security numbers and health information.

In May 2020, Blackbaud experienced a data breach, putting at risk the information of more than 13,000 customers. It didn’t begin notifying those customers of the breach until July 2020.

Join the conversation and sign up for the Indiana Two-Way. Text “Indiana” to 73224. Your comments and questions in response to our weekly text help us find the answers you need on statewide issues.

Rokita led a group of 50 attorneys general to investigate the breach, alleging that beyond failing to properly notify its customers, Blackbaud also lacked adequate safety measures.

In addition to paying $49.5 million under the settlement, the company will also implement new breach notification and data security programs.

Brandon is our Statehouse bureau chief. Contact him at [email protected] or follow him on Twitter at @brandonjsmith5.