Blackbaud Inc., a South Carolina-based public company that provides donor data management software to non-profit organizations, has agreed to pay a $3 million civil penalty to settle charges over misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC announced the settlement on March 9, 2023.
On July 16, 2020, Blackbaud announced that the ransomware attacker did not access donor bank account information or social security numbers. However, within days, the company’s technology and customer relations personnel learned that the attacker had accessed and exfiltrated this sensitive information. Unfortunately, these employees did not communicate this information to senior management responsible for public disclosure. This was due to the company’s failure to maintain disclosure controls and procedures. As a result, in August 2020, the company filed a quarterly report with the SEC that omitted material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical.
The SEC’s order finds that Blackbaud violated Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 13(a) of the Securities Exchange Act of 1934 and Rules 12b-20, 13a-13, and 13a-15(a) thereunder. Blackbaud agreed to cease and desist from committing violations of these provisions and pay a $3 million civil penalty without admitting or denying the SEC’s findings.
Have a securities law question? Call New York Securities Lawyers at 212-509-6544.
- American Infrastructure Funds Settles SEC Charges
- SEC Charges Audit Firm Marcum LLP for Widespread Quality Control Deficiencies
- SEC Charges Stockbroker and Friend with Insider Trading
- SEC Charges Former DWAC Board Member and Others for Insider Trading in DWAC Securities
- SEC Charges Two Oregon Residents with $10 Million Ponzi-Like Scheme
- SEC Charges Smart Window Manufacturer View Inc. with Failing to Disclose $28 Million Liability
- SEC Charges Former Army Financial Counselor Who Defrauded Gold Star Family Members
- SEC Charges RSE Markets Inc. for Operating an Unregistered Securities Exchange
- SEC Awards Whistleblower More Than $9 Million
- SEC Adopts Money Market Fund Reforms and Amendments to Form PF Reporting Requirements for Large Liquidity Fund Advisers
- SEC Charges Merrill Lynch and Parent Company for Failing to File Suspicious Activity Reports
- SEC Charges Celsius Network Limited and Founder Alex Mashinsky with Fraud and Unregistered Offer and Sale of Securities
- JPMorgan Chase announces layoffs
- SEC Charges Twice-Convicted Fraudster Eliyahu Weinstein and Five Others with $38 Million Ponzi-Like Scheme to Defraud Investors
- SEC Charges Digital World SPAC for Material Misrepresentations to Investors