Case Overview
On February 7, 2020, Blackbaud, Inc.—a technology provider used by nonprofits and other organizations—was breached by a hacker. The breach went undetected until May 14, 2020, when there was a suspicious log-in on an internal server. Despite becoming aware of the attack in May, Blackbaud did not notify users of its platform about the hack until July 16, 2020. While the cybercriminals were able to remove a copy of a subset of data from Blackbaud’s self-hosted environment, the organizations who fell victim to the attack remain unsure as to what data was stolen.
Plaintiffs allege that Blackbaud failed to implement and maintain reasonable security procedures and practices to protect individuals’ and businesses’ private information against unauthorized access by third parties. Plaintiffs bring these claims on behalf of a proposed nationwide class defined at this time as:
All natural persons residing in the United States whose Personally Identifiable Information and/or Protected Health Information was compromised as a result of the Data Breach.
No specific class has been certified by the Court. If a class becomes certified, eligible class members will be notified when the Court authorizes a form of notice.
You may learn more about the specific allegations and claims being pursued by reviewing the Consolidated Class Action Complaint in the Case Documents section below.
Case Status
On January 14, 2021, Keller Rohrback filed its first class action complaint against Blackbaud in the United States District Court for the District of South Carolina. On February 10, 2021, the firm filed its second class action complaint against Blackbaud in the same district.
Other similar cases have been filed in various federal courts across the country related to the Blackbaud data breach. The Judicial Panel on Multidistrict Litigation (“JPML”) has ordered the centralization of these cases and transferred them to the Honorable Michelle Childs in the United States District Court for the District of South Carolina for coordinated pre-trial proceedings.
On February 16, 2021, the court appointed the leadership counsel for the Blackbaud litigation. We are pleased to announce that Keller Rohrback partner Gretchen Freeman Cappio, has been appointed by Judge Childs to be chair of the Plaintiffs’ Steering Committee (“PSC”). Ms. Cappio will be a part of the core group litigating this case.
On April 16, 2021, Plaintiffs filed their Consolidated Class Action Complaint. On July 1, 2021, the Court issued an Order denying Blackbaud’s Motion to Dismiss for Lack of Subject Matter Jurisdiction, finding that Plaintiffs have sufficiently alleged standing. On August 12, 2021 the Court issued an Order denying in part and granting in part Blackbaud’s Motion to Dismiss on Certain Statutory Claims. You can access both of these documents in the Case Documents section below. On October 19, 2021, the Court issued an Order denying in part and granting in part Blackbaud’s Motion to Dismiss Specific Common Law Claims.
Plaintiffs filed their Motion for Class Certification on December 16, 2022, with respect to six claims (including alleged violations of California, Florida and New York statutes). In a separate ruling entered November 21, 2022, Judge Anderson ordered that Plaintiffs’ remaining claims shall be stayed until the six identified claims are resolved.
We suggest that you periodically visit this website as it will be updated as the litigation progresses.
Protecting Your Private Information
The Federal Trade Commission’s website is a great resource for information on immediate steps to take if you’ve been exposed to a data breach.
CONTACT US:
If you have questions about this class action lawsuit, or have been the victim of a data breach, please contact us at (800) 776-6044 or dataprivacy@kellerrohrback.com to learn more about your legal rights.