This February 2020 incident saw malicious hackers use a customer's credentials to gain access to Blackbaud's network, where the hackers remained undetected for over three months and exfiltrated massive amounts of unencrypted sensitive consumer data, including Social Security and bank account numbers.
Blackbaud, which the FTC claims Blackbaud knew as early as July 2020 that Social Security numbers and financial data had been stolen, didn't disclose the full extent of the breach until later that October, nor did it verify that the stolen data had been deleted after agreeing to pay the attackers' ransom of about $250,000, the FTC said.
[
add
]
[
|
|
...
]