Blackbaud, a software company that provides cloud-based services to charitable foundations, educational and health institutions, religious organizations, and other non-profits, is at the center of a data breach that could affect as many as 45,000 of its clients globally. Millions of names, addresses, phone numbers and other personal information —including that of children—may have been compromised in a ransomware attack and resulting data breach. Some people’s patient information was also removed.
Whether you’re doing business, going to school, or managing your health, you should be able to trust that that the companies you share your private information with will take necessary precautions to protect you from cybercriminals. Motley Rice data breach attorneys filed a proposed class action suit in September 2020 for a child and other victims affected by the cyberattack. The suit alleges Blackbaud’s security measures were inadequate and did not protect scores of individuals and businesses against unauthorized access by third parties, despite being aware of a steady increase of cyberattacks in recent years.
If Blackbaud or another company notified you that you or a loved one’s personal information was compromised as a result of this data breach, and you are considering legal options, please contact Jodi Westbrook Flowers and our consumer fraud practice using this form or call 1.800.768.4026.
Blackbaud data breach background
Cybercriminals began a ransomware attack on South Carolina-based software provider Blackbaud in February 2020. Three months passed before the company discovered and stopped the attack in May 2020. Blackbaud waited until July 2020 to alert the public.
Some of the largest organizations impacted include (note this is not a full list):
- Inova Health
- Atrium Health
- The Medical University of South Carolina
- Roper St. Francis Healthcare
- Northern Light Health
- Saint Luke’s Foundation
- Boy Scouts of America
- Cancer Research Institute, New York
- George. W. Bush Presidential Center
According to a statement release by Blackbaud, the company’s cybersecurity team collaborated with independent forensics experts and law enforcement to lock the cybercriminals out of its system after it discovered the breach. However, the measures took place well after the criminals had already gained access and compromised a trove of data.
Blackbaud paid the cybercriminals a ransom to destroy their copy of the data, and the company claims no credit card, bank account or social security numbers were compromised. When notified of the attack, victims, however, were still advised to monitor their own credit and accounts for suspicious activity.
Blackbaud has not offered or provided victims any recourse, including means to acquire credit monitoring or otherwise compensate victims for the harm done.
Motley Rice is investigating the data breach and working to help people who were impacted. On Sept. 15, 2020, Motley Rice filed litigation against the company. Read the full complaint.
Motley Rice data breach experience
Motley Rice attorneys represent and have filed litigation for victims in multiple cybersecurity breaches that left millions of victims susceptible to identity theft. Our experience includes litigating the massive Equifax data breach that affected 143 million Americans in 2017, as well as representing Marriott and Starwood hotel guests affected by a series of data breaches over the course of several years that potentially exposed passport information and other personal data for up to 500 million customers. Attorney Jodi Westbrook Flowers serves as co-liaison counsel of the 21st Century Oncology data breach Plaintiffs’ Steering Committee overseeing litigation filed for patients who allege their medical records were exposed by the company due to a lack of security.
Jodi also leads a team of Motley Rice attorneys in an investigation into claims that Facebook violated privacy laws by allowing third parties to harvest private information from millions of the network’s users. Read more on our experience.