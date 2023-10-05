CARSON CITY, Nev. (KOLO) - The State of Nevada will be receiving more than $559,000 as part of a nationwide settlement with software company Blackbaud.

State Attorney General Aaron Ford, along with 49 other state AGs, sued the company over deficiencies in its data security practices and its response to the ransomware event that exposed the personal information of millions of customers nationwide in 2020.

Under the terms of the settlement, Blackbaud will improve its data security and breach notification practices and pay the states a combined $49.5 million.

Contact and demographic information, social security numbers, driver’s license numbers, financial information, employment and wealth information, donation history, and protected information were all part of the breach.

“I don’t want this incident to undermine the benevolence of those who give to charity,” said Ford. “Donating to a charity or other non-profit organization is an investment of time and money, and consumers that make that investment for the benefit of others should feel confident their sensitive personal information will be protected.”

Blackbaud will be:

Prohibiting misrepresentations related to the processing, storing and safeguarding of personal information;

Implementing and maintaining incident and breach response plans to prepare for and more appropriately respond to future security incidents and breaches;

Creating breach notification provisions that require Blackbaud to provide appropriate assistance to its customers and support customers’ compliance with applicable notification requirements in the event of a breach;

Implementing security incident reporting to the CEO and Board, enhanced employee training and appropriate resources and support for cybersecurity;

Implementing personal information safeguards and controls requiring total database encryption and dark web monitoring;

Putting in place specific security requirements with respect to network segmentation, patch management, intrusion detection, firewalls, access controls, logging and monitoring and penetration testing; and

Requiring third-party assessments of Blackbaud’s compliance with the settlement for 7 years;

