Kristen Zanoni  |  October 6, 2020

Category: Data Breach

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Do You Qualify to Join the Blackbaud Group Action?

Law firms across the UK are accepting claimants in the Blackbaud ransomware attack group action. Those who have been notified their personal information was breached may be eligible to make a claim.

What is This Claim About?

Group litigation has been launched against software provider giant Blackbaud after the company was the target of a ransomware attack in May 2020. An unknown number of individuals were affected in the multinational breach that violated banking and personal information.

Blackbaud allegedly did not notify authorities until about eight weeks had passed, breaking General Data Protection Regulation rules.

Who’s Eligible?

You may qualify to join the Blackbaud ransomware attack group action if you have been notified your information was breached in the attack.

Over 100 organisations’ data was breached in the ransomware attack, including:

  • De Montfort University
  • Loughborough University
  • Oxford Brookes University
  • University of Birmingham
  • University College Oxford
  • University of Exeter
  • University of Leeds
  • University of London
  • University of Reading
  • University of Strathclyde
  • University of York
  • The U.K.’s National Trust

How Much Compensation Will I Receive?

If the Blackbaud ransomware attack group action is successful, you could be entitled to compensation. No amounts have been disclosed yet, and the any amounts to be given to Class Members will be determined by the Court.

How Do I Join?

If you have been notified your information was breached in the Blackbaud ransomware attack, contact one of the law firms participating in the group action:

Data Leak Lawyers
Simpson Millar

More law firms may be added.

A hacker in black installs ransomware using a laptop - blackbaud ransomware attack

A group action has been launched in the U.K. following the Blackbaud ransomware attack that affected over 100 charities and universities.

The Blackbaud ransomware attack affected the private personal information of people in the U.K., the U.S. and Canada. 

The attack was detected in May 2020.

Cybercriminals hacked Blackbaud’s servers and blocked them from access to their stored data. The hackers then held the data for an undisclosed ransom, which was paid by Blackbaud to retrieve its data. An unknown number of people had their private information violated in the Blackbaud ransomware attack.

Blackbaud says the attack was discovered and stopped by a cybersecurity team and forensics experts, but before the cybercriminal was cast out, they removed a copy of Blackbaud’s data. The company says after the ransom was paid, the copy of the data was destroyed. 

U.S. software provider Blackbaud is a power player in the field as the world’s biggest supplier of software. Blackbaud provides its services to educational institutions, charities, and religious organisations, among others. Now, victims of the Blackbaud ransomware attack are fighting back with a U.K. group action against the company.

After the Blackbaud ransomware attack, the company was supposed to report the breach within 72 hours after it was discovered, per General Data Protection Regulation (GDPR) guidelines, or face fines of up to €20 million, according to Teceze.

A breach of the size of the Blackbaud ransomware attack is also supposed to be reported to the Information Commission Officer (ICO) within 24 hours after discovery. Consumers are supposed to be informed as well. 

However, in Blackbaud’s case, the company informed the ICO and Canadian authorities about eight weeks after finding out about the ransomware attack, meaning Blackbaud violated the rules of the GDPR, Teceze reported.

Ransomware graphic - blackbaud ransomware attackThe guidelines of the GDPR still apply in the Blackbaud ransomware attack case because U.K. citizens were affected and are legally covered by the GDPR until 31 December 2020, when the Brexit transitions are finalised. 

When the breach was first revealed in July, Blackbaud confirmed personal data was violated, but denied private financial information was taken.

In earlier reports, Blackbaud said the cybercriminals did not breach any credit card details, banking information or social security numbers, but the company now admits customers’ banking details were lost in the attack, IT Pro reported. 

“Further forensic investigation found that for some of the notified customers, the cyber criminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords,” Blackbaud stated in a 29 September regulatory filing, according to IT Pro.

The U.K. education system has been faced with major turmoil in 2020 due to ransomware attacks.

Several universities had IT systems sealed off by cyberattackers and threatened for ransom. About 166 organisations were affected in the Blackbaud ransomware attack, and many have been open about their link to the breach. 

Meanwhile, the list of organisations affected by the Blackbaud ransomware attack continues to grow, and legal action has been taken against the company for the breach.

According to IT Pro, 10 American law firms have filed class action lawsuits against Blackbaud. Directly following the Blackbaud ransomware attack, there was a class action lawsuit launched in Canada. The class action lawsuits are alleging Blackbaud did not sufficiently store consumers’ data. 

We tell you about cash you can claim EVERY WEEK! Sign up for our free newsletter.

  • This field is for validation purposes and should be left unchanged.

Leave a Reply

Your email address will not be published. By submitting your comment and contact information, you agree to receive marketing emails from Top Class Actions regarding this and/or similar lawsuits or settlements, and/or to be contacted by an attorney or law firm to discuss the details of your potential case at no charge to you if you qualify. Required fields are marked *

Please note: Top Class Actions is not a settlement administrator or law firm. Top Class Actions is a legal news source that reports on class action lawsuits, class action settlements, drug injury lawsuits and product liability lawsuits. Top Class Actions does not process claims and we cannot advise you on the status of any class action settlement claim. You must contact the settlement administrator or your attorney for any updates regarding your claim status, claim form or questions about when payments are expected to be mailed out.