Blackbaud, the leading provider of software for powering social impact, today announced it has reached a settlement with 49 state Attorneys General and the District of Columbia related to the previously disclosed multi-state investigation of its 2020 security incident.

“At Blackbaud, protecting customers’ and their constituents’ privacy has always been, and will continue to be, one of our most important priorities,” said Mike Gianoni, president and CEO, Blackbaud. “Cyber-attacks are always evolving, so we are continually strengthening our cybersecurity and compliance programs to ensure our resilience in an ever-changing threat landscape. We are pleased to fully resolve this matter and proud of our role as the essential software provider for purpose-driven organizations.”

With this resolution, Blackbaud has agreed to pay a total of $49.5 million to the 49 states and District of Columbia. In addition, Blackbaud has agreed to comply with applicable laws, not to make misleading statements related to its data protection, privacy, security, confidentiality, integrity, breach notification requirements and similar matters and to implement and improve certain cybersecurity programs and tools.

Arizona will receive $1.8M of Blackbaud’s multistate settlement.

The settlement amount was fully accrued as a contingent liability in the company’s financial statements as of June 30, 2023. Blackbaud expects to pay the full settlement to each state and the District of Columbia in October 2023 from its existing liquidity. This settlement does not impact Blackbaud’s previously provided 2023 financial guidance.