FAQS about the Blackbaud data breach

Home Cover
Share on facebook
Share on twitter
Share on linkedin

In May 2020, over 166 UK educational, charitable, and third-sector organisations had their customer, donor, and membership data stolen in a massive data breach. The breach happened when Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals.

In a clear sign that the company was not meeting the robust legal standards required when handling personal data, the ICO has since reprimanded Blackbaud for breaking data protection law. If Blackbaud exposed your personal information in this data breach, you might be able to make a compensation claim.

Here are some of the most frequently asked questions our data protection solicitors have received about the Blackbaud data breach

How did this data security incident happen?

The Blackbaud data breach happened when the software company experienced a cyberattack in May 2020. Before Blackbaud locked the criminals out of its systems, the hackers managed to remove personal data from Blackbaud’s files. Some of this data was unencrypted.

As a result of the hack, criminals may have stolen the personal data of millions of people. And while Blackbaud paid a ransom in exchange for deleting the data, it is impossible to know what the hackers did or still might do with the stolen data.

What was stolen?

The information accessed depends on the institution involved. This could include:

Furthermore, despite initially claiming that criminals had not stolen financial data, Blackbaud later admitted that bank account information and users’ passwords were among details feared accessed by hackers. However, not everyone will have had their financial information compromised.

Which organisations were affected by the Blackbaud data breach?

According to the Information Commissioner’s Office (ICO), the Blackbaud data breach affected 166 UK organisations.

Some of the organisations who have confirmed they were impacted by the breach include:

Was my information accessed in this breach?

By now, Blackbaud should have informed all organisations affected by the data breach. These organisations should also have contacted any customer, member, donor etc., whose personal data was accessed in the breach.

If criminals accessed your details in the Blackbaud data hack, you can make a no-win, no-fee compensation claim. 

What should I do if I am worried that my details were involved in this breach?

Information stolen in breaches is often used to commit cybercrime. Similar data breaches have resulted in fraud, blackmail, and identity theft, so those affected by the breach are at high risk of being targeted by cybercriminals.

Anyone who thinks they might be involved should take immediate steps to protect themselves. Our data protection lawyers have created a handy guide to help keep you safe.

How did Blackbaud respond to the hack?

Blackbaud took weeks to warn its customers that their data had been stolen. This left victims of the hack at risk of further attacks as they did not realise their data was in the hands of criminals.

Can I make a compensation claim?

If you have been told that your data was involved in this breach, you can join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed.

What is a group action?

A group action claim is where multiple people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.

How much will it cost me to claim?

There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’ taken from your compensation. At Keller Lenkner UK, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.

What is happening with this case?

The ICO, the UK’s data protection regulator, has reprimanded Blackbaud over this data breach. And we understand that this breach is still undergoing investigation by the ICO. The ICO can impose substantial fines on organisations in violation of their duties. But it does not award compensation to individuals. The only way to get compensation for this data breach is to make a claim.

If you have been told that your data was involved in this breach, you can join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the Blackbaud data breach.

Share this article:

Share on facebook
Share on twitter
Share on linkedin