Skip to main content
Skip to navigation

Regulatory Enforcement

SEC orders Blackbaud to pay $3M for misleading ransomware disclosures

By Aaron Nicodemus2023-03-10T19:32:00

A South Carolina-based software company agreed to pay $3 million to the Securities and Exchange Commission (SEC) to settle claims it violated securities law by failing to disclose the true scope of a ransomware attack that affected 13,000 users.

Blackbaud disclosed details about a breach of customer personal information in July 2020 on its website and through direct contact with customers but claimed no bank account information or Social Security numbers had been exposed.

In August, the company made a similar disclosure to the SEC in a quarterly report. The company omitted material information about the attack, the SEC said in its order, namely that the hacker did in fact obtain the bank account information and Social Security numbers of some Blackbaud customers.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
Blackbaud avoids fine in FTC deal requiring data deletion

2024-02-02T19:01:00Z By Jeff Dale

Software company Blackbaud will be required to delete unnecessary data and boost cybersecurity as part of a proposed settlement with the Federal Trade Commission stemming from a 2020 data breach.
News Brief
SEC fines BlackRock $2.5M over inaccurate investment disclosures

2023-10-24T22:21:00Z By Kyle Brasseur

BlackRock Advisors agreed to pay $2.5 million as part of a settlement with the Securities and Exchange Commission addressing allegations the firm inaccurately described investments a fund it advised made in a now-defunct film production company.
News Brief
Blackbaud settles with states for $49.5M over 2020 data breach

2023-10-16T21:16:00Z By Jeff Dale

Software company Blackbaud agreed to pay $49.5 million in a multistate settlement addressing charges related to a 2020 cyberattack that exposed the personal data of approximately 13,000 consumers.

More from Regulatory Enforcement

Article
French investigators target anticompetitive practices in largest accounting firms

2026-02-05T00:55:00Z By Ruth Prickett

Major accountancy firms in France are under investigation for anti-competitive practices. The French competition watchdog embarked on a series of “unannounced inspections” and removed documents relating to audit and reporting on Jan. 13.
Article
EU investigation into Grok may expose problems with DSA rather than compliance failings

2026-02-03T23:22:00Z By Neil Hodge

The European Commission has launched a formal investigation against Elon Musk’s X under the Digital Services Act over fears that its AI tool Grok may be producing and disseminating illegal material.
Article
Former ADM execs inflated operating profits, SEC alleges

2026-02-03T22:57:00Z By Adrianne Appel

Three former executives at Archer-Daniels-Midland intentionally misled investors by inflating the performance of the company’s Nutrition unit, the U.S. Securities and Exchange Commission has alleged.