CHICAGO (WMBD) — Attorney General Kwame Raoul announced on Thursday that Illinois will receive $2.28 million as part of a settlement with the software company Blackbaud.
According to an Illinois Attorney General’s Office news release, information from various non-profits, educational institutions, healthcare organizations and others that used Blackbaud software leaked during a 2020 data breach.
The breach impacted 13,000 Blackbaud customers and their constituents. Some of the sensitive information that leaked included Social Security numbers, driver’s license numbers, financial information and protected health information.
“Thousands of Illinoisans were affected by Blackbaud’s data breach,” Raoul said. “Our investigations led to meaningful reforms in the way data is handled, protecting consumers from future exposure and ensuring that if there is a future breach, consumers are properly informed and assistance is provided.”
Raoul reached the settlement with Blackbaud together with 49 other attorneys general. Blackbaud had to pay a total of $49.5 million to the states.
As part of the settlement, Blackbaud has also agreed to overhaul its data security and breach notification practices.
Some of the additional data security steps Blackbaud will be taking include:
- Personal information safeguards and controls with total database encryption and dark web monitoring.
- Security requirements with respect to network segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring, and penetration testing.
- Breach response plans to prepare for and more appropriately respond to future security incidents and breaches, including adhering to breach notification requirements under state law and HIPAA.
- Breach notification provisions requiring Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach.
- Security incident reporting to the CEO and board, enhanced employee training, and appropriate resources and support for cybersecurity.
- Third-party assessments of Blackbaud’s compliance with the settlement for seven years.