Joanna Szabo  |  October 2, 2020

Category: Legal News

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Computer hacker steals data

A recent Blackbaud ransomware incident has left thousands of nonprofits and their members wondering what personal information may have been accessed in the data breach that occurred in May.

What Are Ransomware Attacks?

Cybercriminals use a type of malware called ransomware that captures your computer’s data and locks or encrypts the information so that you cannot access your own data.

Ransomware got its name because the data is held for ransom. Once you pay the cybercriminals the amount of money they have demanded in Bitcoin, they generally promise to release your data.

A ransomware attack can paralyze a business and result in the loss of important information and customer/patient history.

The FBI says it does not recommend paying a ransom to cybercriminals because there’s no guarantee you will regain access to your data. There’s also no guarantee the cybercriminals won’t keep a copy for themselves and still use the information for nefarious purposes. The FBI also does not want you to pay the ransom because doing so will simply encourage other criminals to conduct similar illegal operations.

What Is Blackbaud?

Blackbaud is an international cloud software company that claims to have “millions of users in 110+ countries.”

The company sells software products that include cloud-based ticketing, fundraising, donor reporting, admissions processing, accounting, and other areas of support.

Who Was Affected by the Blackbaud Ransomware Attack?

According to Blackbaud, a “subset of customers who were part of this incident have been notified and supplied with additional information and resources.”

Initially, it was found that a number of schools, churches, arts organizations, and charitable foundations may have been impacted by the data breach. According to Blackbaud’s website, its customers include the American Diabetes Association, American Kennel Club, Archdiocese of New York, Brown University, Environmental Defense Fund, and many more.

Entities are increasingly coming forward with reports of breaches tied to the attack. Millions have allegedly been affected. As of Sept. 24, there had been more than three dozen health data breaches posted to the Department of Health and Human Services’ HIPAA Breach Reporting Tool website related to the Blackbaud ransomware incident. The HHS Office for Civil Rights website lists health data breaches impacting at least 500 individuals — a list commonly referred to as “the wall of shame.” Collectively, Blackbaud-related breaches have affected more than 6 million individuals.

The most significant breaches linked with the Blackbaud attack so far have been:

  • Inova Health System, affecting 1.05 million people
  • Northern Light Health, affecting 657,000
  • SCL Health, affecting 441,000
  • Saint Luke’s Foundation, affecting 360,000
  • NorthShore University HealthSystem, affecting 350,000
  • Iowa Health System dba UnityPoint Health, affecting 274,000
  • Virginia Mason Medical Center, affecting 245,000
  • University of Tennessee Medical Center, affecting 235,000
  • Allina Health, affecting 200,000
  • Christ Hospital Health Network, affecting 183,000

What Has the Response Been?

Businessman holds cloud computing diagramBlackbaud said it discovered and stopped the ransomware attack in May, but not before the hackers removed a copy of a subset of data from Blackbaud’s self-hosted environment. Blackbaud insists no credit card data, bank account information, or Social Security numbers were accessed by the cybercriminals.

The company said it paid the ransom to the hackers and demanded confirmation that the copy that the cybercriminals took was destroyed.

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” says a statement on Blackbaud’s website.

The response from customers includes some saying they are looking closely at their contracts with Blackbaud and seriously considering taking their business elsewhere.

Public Broadcasting Atlanta (PBA) was affected by the Blackbaud ransomware attack and announced on Aug. 5 that it was no longer a Blackbaud client. PBA representatives would not say why they quit working with Blackbaud.

PBA states that the affected data could have included names, addresses, phone numbers, email addresses and birthdays.

Louisville Public Media’s Director of Membership Kelly Wilkinson told Current that their files with Blackbaud included contact information, demographics, donation dates, and amounts. Wilkinson said members were contacted Aug. 5 and told that Blackbaud has found no evidence that any data was released as it continues to monitor the dark web.

An anonymous spokesperson for Vermont Public Radio said some members were so worried about their information being compromised that they canceled their memberships. The station has not decided whether it will continue working with Blackbaud.

Can You File a Ransomware Lawsuit Against Blackbaud?

A growing number of lawsuits are being filed against Blackbaud, with at least 10 currently seeking class-action status.

Lead plaintiff William Allen has filed a class action lawsuit over the Blackbaud ransomware incident and is seeking restitution for himself and fellow class members for out-of-pocket expenses incurred in the form of time and money to mitigate or remedy the effects of the data breach. According to court documents, Blackbaud is accused of failing to provide timely and adequate notice to those affected that their information had been accessed by an unauthorized third party and failing to identify all data that was accessed in the breach.

Blackbaud is accused of maintaining and security clients’ private information “in a reckless manner” that allowed the ransomware hack to occur.

This Blackbaud Ransomware Attack Lawsuit is William Allen v. Blackbaud, Inc., Case No. 2:20-cv-02930-RMG, in the U.S. District Court for the District of South Carolina, Charleston Division.

One of the more recent lawsuits, filed in California federal court in September by plaintiffs Mamie Estes and Shawn Regan, said that the May ransomware attack against Blackbaud has affected many different organizations’ data and servers, which contained identifying, sensitive, and personal data from many users.

“Plaintiffs’ and class members’ sensitive personal information—which was entrusted to defendant, its officials and agents—was compromised and unlawfully accessed due to the data breach. Information compromised in the data breach included a copy of a subset of information retained by Blackbaud, including names, addresses, phone numbers and other personal information,” according to the lawsuit.

The lawsuit, and others like it, claims negligence, invasion of privacy, and breach of contract, along with violations of state laws such as the California Consumer Privacy Act.

Join a Free Blackbaud Ransomware Attack Class Action Lawsuit Investigation

If you are a current or former university student or nonprofit employee whose information may have been affected in the recent Blackbaud ransomware data breach, you may be able to join this Blackbaud ransomware data breach class action lawsuit investigation.

Get a Free Case Evaluation

This article is not legal advice. It is presented
for informational purposes only.

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.


3 thoughts onHow Did the Blackbaud Ransomware Attack Occur?

  1. Regina Goodwin says:

    Please add me.

  2. LISA HAWKINS says:

    Please add me

  3. Heidi Jacobson says:

    Please add me!

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.