The South Carolina-based company must delete unnecessary data and increase security measures.
The Federal Trade Commission has reached a settlement with Blackbaud, Inc., over charges that inadequate security measures made it possible for a hacker to infiltrate the company’s network and access customer information, including sensitive information such as Social Security and bank account numbers. The company will be required to delete unnecessary data, develop a comprehensive information security program, and establish a data retention schedule.
Though the company claimed to have robust security practices, a security breach remained undetected for three months, resulting in the theft of massive amounts of unencrypted sensitive consumer data. Blackbaud paid a ransom in Bitcoin to the hacker and has not verified when it notified customers of the breach.
“Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers,” said FTC’s Bureau of Consumer Protection Director Samuel Levine. “Companies have a responsibility to secure data they maintain and to delete data they no longer need.”
As the Lord Leads, Pray with Us…
- For Director Levine and Consumer Protection Bureau personnel as they seek to ensure the security of Americans’ personal data.
- For the chair and members of the Federal Trade Commission as they evaluate the information handling practices of U.S. businesses.
Sources: Federal Trade Commission