Ohio to receive nearly $1.3M in multistate data breach settlement, AG Yost says

Ohio Attorney General Dave Yost was at the University of Dayton Tuesday Feb. 15, 2022, to talk with law students. MARSHALL GORBY\STAFF

Ohio Attorney General Dave Yost was at the University of Dayton Tuesday Feb. 15, 2022, to talk with law students. MARSHALL GORBY\STAFF
Local News
By
Oct 5, 2023
X

Ohio’s share in a $49.5 million settlement with a software company Blackbaud Inc. over its data-security practices and response to a 2020 breach that exposed personal information of millions of consumers will be nearly $1.3 million, Ohio Attorney General Dave Yost announced Thursday.

“Carelessness cannot justify the compromise of consumer data,” Yost said. “Companies must be committed to safeguarding personal information, meeting consumers’ rightful expectations of data privacy and protection.”

ExploreDistracted driving warning period ends: Here’s what you need to know when ticketing begins Thursday

Blackbaud provides software to nonprofit organizations — including charities, schools and healthcare agencies — to help them connect with donors and manage data consisting of demographic information, Social Security numbers, driver’s license numbers, financial data, employment and wealth information, donation histories and protected health information.

The 2020 breach exposed this highly sensitive information of 13,000 Blackbaud clients, in turn affecting millions of consumers overall, according to the statement from Yost’s office.

The settlement resolves allegations from 50 attorneys general that Blackbaud violated state consumer protection laws, breach-notification laws and Health Insurance Portability and Accountability Act.

ExploreScottish authorities sign extradition order for Dayton sex offender accused of faking his death

The violations stemmed from the company’s failure to establish reasonable data security and remediate the known security gaps, allowing unauthorized individuals to gain access to Blackbaud’s network. Blackbaud also failed to promptly, completely or accurately inform its customers about the breach, as required by law. Blackbaud’s lapses significantly delayed the process for notifying those whose personal information was compromised, and, in some cases, there was no notification at all, Yost’s office stated.

In Other News
1
Missing West Carrollton teen found safe
2
Dayton man indicted for murder; gunshot victim crashes car into pole
3
Fire at Centre City building downtown affects Holly Days
4
Springfield Haitian residents use public assistance like everybody...
5
NEW DETAILS: Wright State, Air Force extend campus work pact

About the Author

Follow Jen Balduf on twitter

Jen Roppel Balduf covers breaking news for the Dayton Daily News. She earned a bachelor of science in journalism degree from Ohio University and also writes for the Journal-News, Springfield News-Sun and Dayton.com.