United States of America: Issued ruling in multistate Attorneys General investigation into Blackbaud regarding data breach

On 5 October 2023, the New Jersey Attorney General announced a settlement in the investigation into Blackbaud regarding data breach. Blackbaud develops software for nonprofit organisations, colleges, universities, healthcare centres, and others. Its software is used by these organisations to connect with donors and manage personal data, such as social security numbers, donation history, contact details, or protected health information. In 2020, a ransomware incident led to the exposure of consumers' personal data. Under the allegations of breaching the law by failing to have reasonable data security measures in place, and for failing to inform the consumers about the data breach, Blackbaud reached a multistate settlement. In particular, the company agreed to strengthen its data security and notification measures, and pay USD 49.5 million to US states.