« Back to List

Data breach claims advance against Blackbaud

Claimants alleging software company Blackbaud Inc. neglected to protect the private information of tens-of-thousands of its clients and millions of people across the globe defeated a motion to dismiss on July 1, 2021.  

Motley Rice attorney Marlon Kimpson is co-lead counsel for plaintiffs in the multidistrict litigation, which is filed in U.S. District Court for the District of South Carolina. You may read more on Marlon’s leadership here in the National Law Journal: “MDL Judge Taps 'Most Diverse Leadership Team Ever' in Data Breach Class Action.” 

In the defense motion, Blackbaud argued that consumers in the MDL failed to show that the alleged harms they suffered because of the data breach can be traced directly to Blackbaud’s actions. Blackbaud asserted the Court lacked subject matter jurisdiction over the case as a result.  

The Court disagreed, siding with consumers that plaintiffs’ claims should proceed.  

“Given Blackbaud’s lack of transparency about the extent of the Ransomware Attack, it is more than plausible that additional information such as contact information, SSNs, and financial information that could be used for spam, phishing, or other forms of fraud was accessed during the Ransomware Attack,” U.S. District Judge J. Michelle Childs stated in a written order denying the defense motion to dismiss. “Furthermore, Plaintiffs have plausibly pled that hackers can commit identity fraud without contact information or SSNs by combining and cross-referencing data stolen during the Ransomware Attack with information obtained in other data breaches.” 

Blackbaud is a publicly-traded company based in South Carolina and provides cloud-based services for a variety of organizations including charitable foundations, educational and health institutions, religious organizations and non-profit groups in the U.S. and abroad. Cybercriminals launched a ransomware attack on the company in February 2020, and three months passed before Blackbaud discovered and stopped the attack. Blackbaud waited another two months to alert the public in July 2020. Plaintiffs allege millions of names, addresses, phone numbers, bank information and other personal information – including that of children – may have been compromised in the attack.   

“We believe Blackbaud failed to prioritize security ahead of this data breach,” said Motley Rice member attorney Jodi Westbrook Flowers. “The consumers impacted by cyber breaches have to live with the damage for years to come. We’re confident the class will have their day in Court, and we are pleased to see that the Court agrees.” 

The case, In re: Blackbaud Inc. Customer Data Security Breach Litigation, MDL no. 2972, in U.S. District Court for the District of South Carolina.  

Motley Rice data breach litigation experience  

Motley Rice attorneys represent and have filed litigation for victims in multiple cybersecurity breaches, and serve on the leadership team for the 21st Century Oncology data breach for patients who allege their medical records were exposed by the company due to a lack of security. The firm also represents victims of the massive Equifax data breach that affected 143 million Americans in 2017.  For more information or to discuss a potential claim, contact Marlon Kimpson by email or call 1.800.768.4026.