When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Blackbaud was breached in February 2020 by unnamed threat actors.
The hackers dwelled on the companys infrastructure for three months, quietly identifying and exfiltrating sensitive data.
By the time they were done, they siphoned out files on roughly 13,000 Blackbaud customers.
From that moment, the incident goes from bad to worse.
No one knows for sure if the hackers really deleted the files, or not.
Then it first settled with the SEC, paying $3 million in fines.
Then it settled with individual U.S. states, paying an additional $49.5 million.
It also needs to update its data retention policy and publicly state which data it contains and why.
