As a result of these security shortcomings, a hacker was able to access a customer's database hosted by Blackbaud in early 2020. The breach, which remained undetected for three months, allowed the hacker to extract substantial amounts of unencrypted sensitive consumer data belonging to Blackbaud's clients.
Blackbaud Inc., headquartered in South Carolina, has reached a settlement with the Federal Trade Commission (FTC) following allegations that the company's inadequate security measures led to a data breach compromising the personal information of numerous individuals, including Social Security and bank account numbers.
According to the FTC's complaint, Blackbaud, a provider of data services and software to various entities, failed to implement proper safeguards to protect the extensive personal data it handles for its clients. Despite assuring customers of robust security measures, Blackbaud neglected to put in place adequate protections. This included a lack of monitoring for attempted network breaches, insufficient data segmentation, failure to delete unnecessary data, inadequate implementation of multifactor authentication, and lax password policies for employee accounts.
As a result of these security shortcomings, a hacker was able to access a customer's database hosted by Blackbaud in early 2020. The breach, which remained undetected for three months, allowed the hacker to extract substantial amounts of unencrypted sensitive consumer data belonging to Blackbaud's clients.
“As the order finds, Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous,” said David Hirsch, Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit. “Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so.”
Furthermore, Blackbaud's response to the breach was deemed inadequate. The company opted to pay a ransom to the hacker without verifying the deletion of stolen data. It also delayed notifying affected customers for nearly two months, and when it did, downplayed the extent of the breach, leaving consumers vulnerable to potential identity theft and other harms.
As part of the settlement, Blackbaud will be required to delete unnecessary personal data, develop a comprehensive information security program, and implement a data retention schedule. The proposed order also prohibits the company from misrepresenting its data security and retention policies.
The FTC voted unanimously to issue the administrative complaint and accept the proposed consent agreement with Blackbaud. The agreement will be open to public comment for 30 days before the Commission makes a final decision. Each violation of the consent order may result in civil penalties.
THANK YOU FOR YOUR TIME
DISCLAIMER
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of The Steven Wick Blog. Any content provided by our bloggers or authors are of their opinion and are not intended to malign any religion, ethnic group, club, organization, company, individual or anyone or anything.
If you decide to purchase any item using our authorized referral/affiliate links, be aware, we may receive a portion of the sales as commission, i.e. if you purchase a product/service.
To shop, select or click buttons, links or images, you will be redirected to product pages. Please, carefully research before you purchase. Feel free to share and leave a comment, we would love to hear from you. Your feedback is very important to us.
For more like this, music, literature, news, fashion, savvy political commentary, and fascinating features, sign up for the Steven Wick News Letter.
We here at the Steven Wick Blog are so proud of our work, we’d like to thank you for being a part of our community. However, our mission to share so much from music, literature, lifestyle to fashion is a 24/7 undertaking! We need your help to continue our work. Your financial donation will help us not only keep the lights on, but enable us run many more stories in the future to come. DONATE HERE
Message Of Gratitude
We deeply appreciate your contribution in making our blog the top brand among customers.
Without you as our readers, we wouldn't have achieved this level of success. Your satisfaction is our utmost priority, and we assure you that we will always be a reliable source for your entertainment needs.
Your trust in us is invaluable, and we are grateful for your generous donations as our readers.
A number of you took an extra effort and opted to contribute as monthly donors. By doing so, your generous contribution is multiplied by twelve throughout the year, thereby amplifying the impact you have on our work. Your dedication truly makes a significant change, and we sincerely appreciate your valuable support.
Your support has been instrumental in our brand's success.
Thank you for being with us throughout the past year.
As we continue to grow and enhance our business, we pledge to prioritize your needs and interests.
Best Regards
The Steven Wick Team
תגובות