Federal Judge Approves Blackbaud MDL Class Action Lawsuit Over Data Breach
Blackbaud, Inc.—a software development company that focuses on cloud-based services—will be prosecuted in Multi District Litigation for failing to adequately plan for and respond to a data breach and ransomware attack that exposed the personal and health information of millions of people worldwide.
Kassandre Clayton et al. v. Blackbaud MDL
Judge Julianna Michelle Childs of the U.S. District Court rejected Blackbaud’s motion to dismiss multiple consolidated class action lawsuits brought in response to the data breach.
The company said that the plaintiffs failed to claim any damages resulting from the breach, relying on a third-party investigation into the ransomware attack that revealed no credit card data had been stolen.
The judge had refused to dismiss the class action complaints, stating that the inquiry was limited and the software company asserted that many parts of it were wrong. In her order, she emphasized that Blackbaud’s statements to financial regulators and its clients had discrepancies.
In addition to the order, Childs notes that Blackbaud’s lack of transparency regarding the scope of the ransomware attack, it is entirely plausible that additional information such as:
- Contact information
- Social Security numbers, and
- Financial information
These could be used for spam, phishing; other types of fraud were accessed during the ransomware attack.
How It started
Blackbaud was targeted by ransomware in a 2020 cyberattack, with hackers allegedly stealing a copy of a subset of data and gaining access to the company’s system from its self-hosted environment.
While Blackbaud did not specify what information was accessed, it did state that no bank account information, credit card details, or Social Security numbers were accessed. According to reports, the ransomware attack was resolved after Blackbaud paid the cyber attackers the ransom requested.
Though the company assured customers that no financial information had been compromised, it advised them to be vigilant for suspicious activity. Thus, prompting some people to suspect that the company knew more. Additionally, consumers said in a series of class action lawsuits that Blackbaud failed to protect its data from ransomware assaults.
The allegations were consolidated in a federal court in South Carolina. The multidistrict litigation (MDL) now comprises over 30 plaintiffs from 20 states alleging that the Blackbaud data breach exposed personal, educational, and health information.
Editor’s Note on Blackbaud Data Breach MDL Class Action Lawsuit 2021:
This article is written to inform you of judge Julianna Michelle Childs’s approval of the Blackbaud Data Breach class-action lawsuit in a Multi District Litigation.
Case Name & No.: Kassandre Clayton et al. v. Blackbaud, Case No. 3:21-cv-01058
Jurisdiction: U.S. District Court for the District of South Carolina, Columbia Division
Products/Services: Users Private Data
Allegations: Blackbaud’s lack of security resulted in the ransomware data breach
Was your data compromised as a result of the Blackbaud data breach? We’re interested in hearing from you! Message us by clicking the ‘Contact Us’ button below!
Suggested Article: Minted Data Breach Settlement For $5 Million.