Blackbaud Inc., a South Carolina-based public company that provides donor data management software to non-profit organizations, has agreed to pay a $3 million civil penalty to settle charges over misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC announced the settlement on March 9, 2023.
Misleading Disclosures
On July 16, 2020, Blackbaud announced that the ransomware attacker did not access donor bank account information or social security numbers. However, within days, the company’s technology and customer relations personnel learned that the attacker had accessed and exfiltrated this sensitive information. Unfortunately, these employees did not communicate this information to senior management responsible for public disclosure. This was due to the company’s failure to maintain disclosure controls and procedures. As a result, in August 2020, the company filed a quarterly report with the SEC that omitted material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical.
SEC’s Order
The SEC’s order finds that Blackbaud violated Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933 and Section 13(a) of the Securities Exchange Act of 1934 and Rules 12b-20, 13a-13, and 13a-15(a) thereunder. Blackbaud agreed to cease and desist from committing violations of these provisions and pay a $3 million civil penalty without admitting or denying the SEC’s findings.
Mark Astarita is a nationally recognized securities attorney who represents investors, financial professionals and firms in securities litigation, arbitration and regulatory matters, including SEC and FINRA investigations and enforcement proceedings.
He is a partner in the national securities law firm Sallah Astarita & Cox, LLC, and the founder of The Securities Law Home Page - SECLaw.com, which was one of the first legal topic sites on the Internet. It went online in 1995 and is updated daily with news, commentary and securities law related links.