Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Two named plaintiffs have filed a Blackbaud class action lawsuit over allegations of negligence that they say caused a ransomware data breach in May.
Lead Plaintiffs Mamie Estes and Shawn Regan, both of California, allege their sensitive personal information that was entrusted to Blackbaud “was compromised and unlawfully accessed” because of the ransomware attack.
The compromised information purportedly included a copy of a subset of information kept by Blackbaud, which included names, addresses, phone numbers and other personal information.
Ransomware Attack on Blackbaud
Blackbaud sells cloud software products to a variety of schools, churches, nonprofit organizations and charitable foundations.
Blackbaud was hit by ransomware in May in a cyber attack that resulted in thieves purported removing a copy of a subset of data from Blackbaud’s self-hosted environment. While not listing exactly what information was accessed, Blackbaud reported that no credit card information, no bank account information and no Social Security numbers were accessed. The ransomware issue allegedly ended when Blackbaud paid the cyber criminals the amount of money they demanded.
Blackbaud said in return for paying the ransom, the cyber criminals confirmed the copy of the hacked data was destroyed. However, the word of a thief is not always trustworthy.
Blackbaud Class Action Lawsuit Allegations
The class action lawsuit takes issue with the claim that no financial data was accessed because Blackbaud goes on to tell customers to monitor their credit and other accounts for suspicious activity. This warning leads plaintiffs to believe that perhaps Social Security numbers, credit card numbers, bank account information and other personally identifiable data also may have been compromised in the ransomware attack.
Despite Blackbaud’s insistence that they paid the ransom and as a result, any threat to personal information has been neutralized, the FBI doesn’t recommend meeting the demands of such cyber thieves. In general, the FBI says there’s no way of knowing whether the thieves have kept a copy of the accessed data for themselves. Stolen personal information is often sold on the dark web where other criminals use the data to create stolen, fake identities or to infiltrate medical records, personal bank accounts or credit limits. The FBI also fears that every time a ransomware attack ends with the ransom being paid, the cyber criminals and their peers are further emboldened.
Blackbaud’s own 2019 annual report admits, “If a breach of data security were to occur, or other violation of privacy or data protection laws and regulations were to be alleged, our business may be materially and adversely impacted and solutions may be perceived as less desirable, which would negatively affect our business and operation results.”
According to the ransomware class action lawsuit, Blackbaud didn’t have a secure process or policy to prevent the ransomware attack, which the company virtually admits by saying it has “already implemented changes to prevent this specific issue from happening again.”
Plaintiffs further allege that the repercussions of the data breach may not be fully known for some time, citing the U.S. Government Accountability Office that says more than a year may pass before stolen personal identifying information is used to commit fraud. After cyber thieves sell or post stolen information on the internet, the information may lend itself to fraudulent use for years.
As a result, the Blackbaud class action lawsuit alleges that the data breach repercussions could haunt them for years and require them to closely watch their financial and medical records.
In related legal news, Blackbaud was hit with a ransomware attack earlier this year that affected charities and universities in the U.K. as well.
The Blackbaud Class Action Lawsuit is Mamie Estes, et al. v. Blackbaud Inc., Case No. 2:20-cv-8275, in the U.S. District Court for the Central District of California.
Join a Free Blackbaud Ransomware Attack Class Action Lawsuit Investigation
If you are a current or former university student or nonprofit employee whose information may have been affected in the recent Blackbaud ransomware data breach, you may be able to join this Blackbaud ransomware data breach class action lawsuit investigation.
This article is not legal advice. It is presented
for informational purposes only.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
7 thoughts onBlackbaud Class Action Lawsuit Filed over Ransomware Attack
Add me
I received a letter from my hospital stating that my information was potentially impacted through a cyber-attack involving Blackbaud. This happened between April 18, 2020 and May 16, 2020. In Oct. of 2020 I had around $6,000 stolen from my bank account. Though Identity theft. They had my name, social security, address, and phone number. I have the letter from the hospital, police report, and bank reports. If it is not to let I would like to be involved in this lawsuit.
Add me
Add me
Please add me
Add me!
I want to know about the radiation pill. There was a lawsuit on that one. My daughter was given it. Now she is dead. Its not fair.