Blackbaud to pay $3M for misleading ransomware attack disclosure


Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.

The organizations impacted by the incident include many entities, such as charities, foundations, non-profits, and universities worldwide, from the U.S., Canada, the U.K., and the Netherlands.

To settle the SEC’s charges (but without confirming or denying the SEC’s findings), Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack.

Read more…