“Blackbaud Can't Ditch Calif. Privacy Claim in Data Breach Suit,” Law360
August 13, 2021
A South Carolina federal judge on Thursday axed several state consumer protection and breach reporting law claims from a consolidated putative class action accusing Blackbaud Inc. of failing to do enough to prevent a massive 2020 ransomware attack, while allowing allegations under California's novel Consumer Privacy Act to move forward.
In a 33-page ruling, U.S. District Judge Julianna Michelle Childs decided Blackbaud's motion to dismiss seven of the dozens of statutory claims that 34 plaintiffs from 20 states have raised in a consolidated class action complaint that takes aim at the cloud computing provider's allegedly lax data security practices. The plaintiffs have alleged that these security failings opened the door for hackers to orchestrate a cyberattack last year that affected personal information held by more than 100 health care, educational and philanthropic organizations that used Blackbaud's services.