Blackbaud fined $49.5 million for 2020 security incident

Blackbaud has agreed to pay a fine of $49.5 million in a US multi-state action over a 2020 security incident.

An extract from the Blackbaud press release says:

“At Blackbaud, protecting customers’ and their constituents’ privacy has always been, and will continue to be, one of our most important priorities,” said Mike Gianoni, president and CEO, Blackbaud. “Cyber-attacks are always evolving, so we are continually strengthening our cybersecurity and compliance programs to ensure our resilience in an ever-changing threat landscape. We are pleased to fully resolve this matter and proud of our role as the essential software provider for purpose-driven organizations.”

With this resolution, Blackbaud has agreed to pay a total of $49.5 million to the 49 states and District of Columbia. In addition, Blackbaud has agreed to comply with applicable laws, not to make misleading statements related to its data protection, privacy, security, confidentiality, integrity, breach notification requirements and similar matters and to implement and improve certain cybersecurity programs and tools. 

https://www.blackbaud.com/newsroom/article/blackbaud-resolves-multi-state-attorneys-general-investigation-of-2020-security-incident

The ICO did issue a warning to Blackbaud in September 2021 but no fine was levied, as confirmed by this FOI request: https://ico.org.uk/about-the-ico/our-information/disclosure-log/ic-195232-p2x2/