A South Carolina-based software company agreed to pay $3 million to the Securities and Exchange Commission (SEC) to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.
Blackbaud disclosed details about a breach of customer personal information in July 2020 on its website and through direct contact with customers but claimed no bank account information or Social Security numbers had been exposed.
