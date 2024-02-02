Education technology company, Blackbaud, has agreed to a settlement with the U.S. Federal Trade Commission (FTC) following a massive data breach in 2020 that exposed millions of individuals' personal data. The breach was attributed to the company's substandard security practices, which the FTC cited as a glaring failure to uphold robust cybersecurity measures. The breach gave hackers access to an array of sensitive consumer information, including social security and bank account numbers.

Blackbaud's Misrepresentation of the Breach

Initially, Blackbaud reassured customers that only basic contact information had been compromised. However, as the investigation unfolded, it became evident that the data breach was far more severe, impacting much more sensitive data. This misrepresentation of the breach's seriousness was deemed deceptive by the FTC, further tarnishing the company's reputation.

FTC's Criticism of Blackbaud's Security Practices

The FTC's complaint highlighted the company's failure to enforce essential cybersecurity measures such as multi-factor authentication, timely software updates, and secure password protocols. The commission also criticized Blackbaud for storing sensitive data in unencrypted fields and retaining unnecessary consumer data. This included data from former or potential customers, a practice FTC commissioners Kahn, Slaughter, and Bedoya labeled as reckless.

The Settlement and Blackbaud's Commitment

As part of the settlement, Blackbaud has committed to deleting irrelevant data and overhauling its cybersecurity measures. Samuel Levine, Director of the FTC's Bureau of Consumer Protection, underscored the obligation of companies to safeguard consumer data and discard it when no longer needed. Despite the settlement, Blackbaud has yet to respond to media inquiries regarding the agreement.

While this settlement may provide some resolution for the millions affected by the breach, it serves as a stark reminder of the importance of robust and continuous cybersecurity practices. As technology continues to advance, so too does the sophistication of cyber threats, emphasizing the need for companies to stay ahead of potential breaches to protect consumer data.