Security News > 2023 > March > Blackbaud to pay $3M for misleading ransomware attack disclosure
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission, alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.
To settle the SEC's charges, Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack.
"As the order finds, Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous," said David Hirsch, the head of the SEC Enforcement Division's Crypto Assets and Cyber Unit.
"Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so."
According to the SEC, the company stated in July 2020 that the attackers behind the May 2020 ransomware attack had not gained access to donor bank account details or social security numbers.
Until November 2020, Blackbaud had already been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the May 2020 ransomware attack and data breach, according to the 2020 Q3 Quarterly report filed with the SEC. The company also revealed that government agencies and data regulators, including a multi-state, consolidated Civil Investigative Demand issued on behalf of 43 state Attorneys Generals and the District of Columbia, have also made inquiries into the attack.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)