Delaware Supreme Court - Breach of Contract and Negligence

The Delaware Supreme Court has reversed a Superior Court decision that dismissed breach of contract claims filed by Travelers Casualty and Surety Company of America and other insurers against Blackbaud, Inc. The insurers, acting as subrogees and assignees of Blackbaud's clients, alleged that Blackbaud's failure to adequately address a major ransomware attack and protect sensitive client data constituted a breach of contract. The Supreme Court found that the insurers' amended complaints met the minimum pleading requirements and adequately stated a claim for breach of contract, overturning the lower court's dismissal with prejudice.

This decision has significant implications for Blackbaud and potentially other technology service providers, particularly those handling sensitive data for non-profit and educational clients. While the case is remanded for further proceedings, the ruling clarifies that such insurers, under subrogation or assignment, can pursue breach of contract claims if a data breach results in losses. Regulated entities and their legal counsel should review their contractual obligations and data security protocols in light of this ruling, especially concerning potential liabilities arising from cyber incidents and the ability of insurers to recover damages through contractual claims.