LITTLE ROCK, Ark. – Arkansas will receive more than $551,000 in a multistate settlement after an agreement was reached with software company Blackbaud in connection with a 2020 data breach.

Arkansas Attorney General Tim Griffin joined attorneys general from 49 states and Washington, D.C. to investigate claims that the software company’s poor data security led to the exposure of Arkansan’s personal information. Claims also stated that the company failed to provide customers with timely information about the data breach.

Blackbaud agreed to pay $49.5 million to the involved states and strengthen their data security practices. Following the settlement announcement, Griffin released the following statement:

Blackbaud was deficient in its data security practices and exposed the personal information of Arkansans as part of a 2020 ransomware attack. The company violated our state’s Deceptive Trade Practices Act and Personal Information Protection Act by failing to implement reasonable data security and fix known security gaps, which led to a data breach. Blackbaud then failed to provide its customers with timely, complete or accurate information regarding the breach, as required by law.”

Protecting Arkansans’ personal information and holding organizations accountable for data breaches are two of my responsibilities under Arkansas law. I am pleased with this settlement and the promise that Blackbaud will overhaul its security.”

Attorney General Tim Griffin

The Securities and Exchange Commission also charged the company for making misleading disclosures concerning the data breach. In March, the SEC announced that the company agreed to pay $3 million to settle the charges.