Security News > 2023 > March > Blackbaud to pay $3M for misleading ransomware attack disclosure

Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission, alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.
To settle the SEC's charges, Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack.
"As the order finds, Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous," said David Hirsch, the head of the SEC Enforcement Division's Crypto Assets and Cyber Unit.
"Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so."
According to the SEC, the company stated in July 2020 that the attackers behind the May 2020 ransomware attack had not gained access to donor bank account details or social security numbers.
Until November 2020, Blackbaud had already been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the May 2020 ransomware attack and data breach, according to the 2020 Q3 Quarterly report filed with the SEC. The company also revealed that government agencies and data regulators, including a multi-state, consolidated Civil Investigative Demand issued on behalf of 43 state Attorneys Generals and the District of Columbia, have also made inquiries into the attack.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)