[BreachExchange] Blackbaud Must Face CCPA Claims in Multidistrict Class Action from Data Breach

[Sophia Kingsbury]

https://www.natlawreview.com/article/blackbaud-must-face-ccpa-claims-multidistrict-class-action-data-breach

Blackbaud, which suffered a data breach of its customers’ data in a
ransomware attack in 2020, in which it admitted paying the ransom in a
double extortion attack, is facing multiple class action cases following
the attack. The cases have been consolidated in multi-district litigation
and now comprise 29 cases.

The federal judge overseeing the cases has refused to dismiss all of the
claims that the plaintiffs alleged against Blackbaud, and ruled that
Blackbaud must face claims of violation of the California Consumer Privacy
Act (CCPA), deceptive and unfair trade practice allegations made by Florida
and New York plaintiffs, and a separate claim by a California plaintiff
alleging the compromise of medical information.

The judge declared that the plaintiffs had sufficiently alleged that
Blackbaud was a “business” as that term is defined in CCPA partly because
Blackbaud was a registered data broker in the state of California.

The judge did dismiss several state statutory claims that had been made by
the plaintiffs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210820/dadda123/attachment.html>