Texas Attorney General Ken Paxton has obtained a settlement with Blackbaud, Inc. (“Blackbaud”) to ensure that the South Carolina-based software provider corrects its deficient data security privacy practices and is prepared to respond properly to any future security incidents. 

The settlement resolves an investigation of a 2020 data breach which affected over 13,000 Blackbaud customers and their respective consumer constituents. Blackbaud’s customers—which include educational institutions, healthcare groups, cultural organizations, and nonprofits—use the company’s software to manage data on donors and constituents. The breach of highly sensitive data included Social Security numbers, government identification numbers, financial information, protected health information, and donor demographic information. 

“My office will continue to work diligently to ensure that Texans’ personal and sensitive information is protected,” said Attorney General Paxton. “When companies discover that customers’ sensitive data has been breached, it is critical that they report such incidents quickly as required by Texas law.” 

Under the settlement, Blackbaud has agreed to strengthen its data security and breach notification practices, including implementing specific security requirements related to database encryption, network segmentation, access controls, timely patch management, and dark web monitoring. Blackbaud has also agreed to make a payment of $49.5 Million to the 50 states participating in this settlement. Texas will collect over $2,766,000 of the total. 

To read Blackbaud’s Assurance of Voluntary Compliance, click here.