Indiana to receive $3.6M in privacy breach settlement
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
Indiana will receive $3.6 million, the most of any state, as part of a $49.5 million multistate settlement with software company Blackbaud, which was the subject of a 2020 data breach affecting millions of people.
Indiana Attorney General Todd Rokita’s office was part of the 50-attorney general coalition investigating and seeking a settlement with the Delaware-based company.
Blackbaud provides software to primarily not-for-profits, like charities, health care organizations and schools. The type of information stored in their data included demographic data, social security numbers, financial information, protected health files and driver’s license numbers.
The breach affected over 13,000 customers and the millions of people who have provided such information to those entities.
The company agreed to revamp its data security and breach notification as well as make payments to each state. Allegations resolved in the settlement were violations of state consumer protection laws, breach notification laws and HIPAA.
Rokita’s office said in a news release that Blackbaud had not provided “reasonable” data security nor alerted customers in a timely and accurate manner when that security failed.
“Nonprofits doing their great work rely and depend on vendors like Blackbaud to protect sensitive and private information,” Rokita said in the release. “This type of leak is unacceptable, and we fought back on behalf of Hoosiers.”