DAYTON, Ohio (WDTN) — A company is paying up after a 2020 security breach that is believed to have exposed highly-sensitive information of millions of Americans.

Charities, healthcare agencies and schools are some of the nonprofit organizations that Blackbaud provided service to. Blackbaud is a company that provides software solutions to different organizations in search of connecting with donors and managing data.

In 2020, more than 13,000 business customers of the servicing company and their customers were reportedly affected by a data breach. Millions of consumers are thought to be affected by the breach.

“Carelessness cannot justify the compromise of consumer data,” said Ohio Attorney General Dave Yost. “Companies must be committed to safeguarding personal information, meeting consumers’ rightful expectations of data privacy and protection.”

Attorneys generals from 50 states were a part of a $49.5 million settlement. Of the amount, around $1.3 million will go to Ohio.

Yost says the settlement resolves allegations by Blackbaud of breach-notification laws, consumer protection laws and Health Insurance Portability and Accountability Act (HIPAA) violations.

“The violations stemmed from the company’s failure to establish reasonable data security and remediate the known security gaps, allowing unauthorized individuals to gain access to Blackbaud’s network,” said Yost. “Blackbaud also failed to promptly, completely or accurately inform its customers about the breach, as required by law.”

The company was accused of delaying notification of affected consumers. Notification for some individuals reportedly did not happen.