Judge slightly narrows Blackbaud MDL over ransomware attack | #malware | #ransomware

  • California Consumer Privacy Act claims moves forward
  • Multidistrict litigation includes 29 cases

The company and law firm names shown above are generated automatically based on the text of the article. We are improving this feature as we continue to test and develop in beta. We welcome feedback, which you can provide using the feedback tab on the right of the page.

(Reuters) – Software maker Blackbaud Inc got some statutory claims knocked out in multidistrict litigation over a 2020 ransomware attack, but the cloud computing company must still face claims under California’s consumer privacy law, among several others.

In addition to refusing to dismiss California Consumer Privacy Act (CCPA) claims, U.S. District Judge J. Michelle Childs in Columbia, South Carolina, in a Thursday decision also let stand deceptive and unfair trade practice allegations by Florida and New York plaintiffs and a medical information claim by a California plaintiff.

The MDL against Charleston-based Blackbaud now comprises 29 cases, the judge said.

Childs said last month in ruling on a separate motion to dismiss that the plaintiffs, who provided their data to Blackbaud’s customers, sufficiently alleged standing to keep the case going. The Thursday order addressed Blackbaud’s bid to toss seven statutory claims from the 96-count consolidated complaint.

“We are pleased that the Court recognized the value and importance of the statutory claims plaintiffs brought in this case on behalf of donors, students, parishioners, and patients who were harmed by Blackbaud’s conduct,” co-lead counsel for the plaintiffs said in a statement. “Some of these statutes, in particular the California Consumer Privacy Act, were only recently passed, and provide an avenue for victims of data breaches to receive additional, statutory compensation for their injuries.”

Amy Keller of DiCello Levitt Gutzler, Harper Segui of Milberg Coleman Bryson Phillips Grossman, Krysta Kauble Pachman of Susman Godfrey and Marlon Kimpson of Motley Rice are co-lead counsel. Ronald Raether of Troutman Pepper Hamilton Sanders, a lawyer for Blackbaud, didn’t immediately respond to a request for comment.

Blackbaud provides cloud software products to “social good organizations,” such as nonprofits, foundations and educational institutions, according to its website. The litigation stems from a ransomware attack discovered early last year in which Blackbaud allegedly paid a ransom after third parties stole data from its servers.

In the Thursday decision, the judge said the plaintiffs sufficiently alleged that Blackbaud qualifies as a “business” under the CCPA, disagreeing with Blackbaud’s assertion that it is not. The law, which took effect in January 2020, allows consumers to sue in certain data breach situations.

The judge noted that courts haven’t yet had many opportunities to address the CCPA’s provisions, but, “the plain text of the statute is instructive.” She pointed to aspects of the California plaintiffs’ allegations that support the “business” status, including Blackbaud’s registration as a data broker in the state.

The judge also rejected Blackbaud’s dismissal argument that it is a “service provider” rather than a business under the CCPA. The company “could be both” of those things under the law, so “it would not be insulated from liability under the CCPA if it qualified as a ‘service provider,'” she said.

The judge dismissed several statutory claims based on allegations from Florida, New Jersey, Pennsylvania, California and South Carolina plaintiffs.

The case is In Re Blackbaud Inc Customer Data Security Breach Litigation (MDL 2972), U.S. District Court for the District of South Carolina, No. 3:20-MN-02972.

For the plaintiffs: Amy Keller of DiCello Levitt Gutzler, Harper Segui of Milberg Coleman Bryson Phillips Grossman, Krysta Kauble Pachman of Susman Godfrey, Marlon Kimpson of Motley Rice

For Blackaud: Celeste Jones of Burr & Forman and Ronald Raether of Troutman Pepper Hamilton Sanders

Read More:

Blackbaud must face data breach claims over 2020 ransomware attack

MDL panel pools litigation for data cases against Blackbaud, Clearview

Sara Merken

Sara Merken reports on privacy and data security, as well as the business of law, including legal innovation and key players in the legal services industry. Reach her at sara.merken@thomsonreuters.com

Original Source link

Posted in Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *

thirty seven + = forty four