What happens if you 'cover up' a ransomware infection? For Blackbaud, a $3m charge

2023-03-10 22:05

Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger's customers.

"Blackbaud is pleased to resolve this matter with the SEC and appreciates the collaboration and constructive feedback from the Commission as the company continually improves its reporting and disclosure policies," Tony Boor, the outfit's chief financial officer, said told The Register.

Here's what happened: back in May 2020, Blackbaud experienced a ransomware infection, quietly paid off the crooks, and didn't tell customers about the security breach until July 2020.

By the end of that month the SEC claims that Blackbaud personnel discovered that the miscreants had accessed unencrypted donor bank account information and social security numbers.

"As the order finds, Blackbaud failed to disclose the full impact of a ransomware attack despite its personnel learning that its earlier public statements about the attack were erroneous," David Hirsch, chief of the SEC Enforcement Division's Crypto Assets and Cyber Unit said in a statement.

The ransomware infection - and lack of transparency about the security snafu - also sparked several class action lawsuits against Blackbaud.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/10/sec_blackbaud_3m_penalty/

#coverup #ransomware