The State of Maine, alongside 49 other states, has reached a settlement with the software company Blackbaud after a 2020 cyber attack led to the exposure of millions of Americans’ personal data, according to a Thursday press release from Attorney General Aaron Frey.
Blackbaud, a company that provides data management software to various organizations throughout the U.S., has agreed to pay a total of $49.5 million to the states that are part of the settlement.
Maine will receive $412,000 from the settlement.
The software company fell victim to a cyber attack in May 2020 that led to highly sensitive data from over 13,000 of their customers, and millions of those customers’ respective consumers, being compromised, including Social Security numbers, protected health information, and bank account information.
Thursday’s settlement resolved the allegations of the state’s attorneys general that Blackbaud failed to implement reasonable data security measures and remediate known security gaps, as well as that they failed to inform their customers of the 2020 data breach in a timely or complete manner.
“In an age of near constant cyber threats, consumers should be able to trust that businesses are taking reasonable steps to protect private information,” said Attorney General Frey. “Blackbaud’s failure to adequately secure data and then failing to appropriately disclose the breach to users and consumers is unacceptable and should be a warning to other businesses that deal in sensitive data.”
As part of the settlement, Blackbaud has agreed to overhaul its data security measures and breach notification practices going forward, including data encryption, a prohibition against misrepresentations related to their processing and storing of personal information, and third-party oversight over their compliance with the settlement for 7 years.