Harper Segui Named Co-Lead Counsel in Blackbaud Data Breach MDL

Milberg’s Harper T. Segui has been appointed Co-Lead Counsel in a data privacy multidistrict litigation (MDL) against Blackbaud Inc. in South Carolina federal court.

Cloud software provider Blackbaud, which serves colleges, universities, and nonprofits, is accused of permitting a ransomware attack and data security breach in 2020 that was one of the largest cybersecurity incidents of the year. Dozens of organizations were affected and the personal data of millions of customers was stolen. Around 20 class action lawsuits were filed against Blackbaud accusing the company of negligently allowing the ransomware attack.

The Judicial Panel on Multidistrict Litigation (JPML) approved centralization of those cases into a single, consolidated MDL proceeding. Milberg Partner Harper Segui, a member of the firm’s Biometric Data, Cyber Security, and Data Breach Practice, was chosen as Co-Lead Counsel by the judge overseeing the MDL.

Last year saw an unprecedented level of cyberattacks as criminals exploited more employees working remotely during the COVID-19 pandemic.

The litigation team that Segui will help lead has been hailed for its diversity. They are charged with sorting through several factual questions common to the plaintiffs, including whether Blackbaud’s data security practices met industry standards; how the unauthorized access to customer data occurred; the extent of information exposed by the breach; and Blackbaud’s handling of the breach.

Hack Went Undetected For Months

Blackbaud announced in May 2020 that an unauthorized party had accessed its systems. Its investigation of the incident revealed that the unauthorized access occurred from February 7, 2020 to May 20, 2020. Blackbaud admits that it paid the ransom but “the cybercriminal removed a copy of a subset of data from our self-hosted environment.” Clients’ unencrypted health and education data, including bank account information, social security numbers, usernames, and passwords were stolen, according to a Blackbaud regulatory filing.

Protected health information from an estimated six million people is among the data exposed in the attack, according to Law360. Trinity Health is the worst affected victim, with more than 3.3 million records. Inova Health Systems says that more than 1 million individuals were affected, while Northern Light Health reports nearly 660,000 individuals.

Last year saw an unprecedented level of cyberattacks as criminals exploited more employees working remotely during the COVID-19 pandemic. Although the total number of data breaches was down in 2020, the volume of records exposed in breaches increased by 141% to 37 billion. Ransomware in particular is on the rise. The number of confirmed ransomware attacks that resulted in data braches doubled last year.

Milberg’s Data Security Practice

Milberg is a leader in the fields of cyber security, data breach litigation, and biometric data collection lawsuits. The firm’s track record of holding companies accountable for failing to protect data and privacy rights includes successful lawsuits against Anthem, Equifax, Capital One, Facebook, Google, Quest Laboratories, Target, and Yahoo.

Our data breach lawyers work at the cutting edge of technology and law to shape data privacy litigation and reform data security practices. To discuss a specific matter with a data security lawyer, please schedule a free case review.