Software firm Blackbaud to pay $3 million for misleading disclosures on ransomware attack – SEC

In July 2020, the South Carolina-based provider of donor data management software disclosed a ransomware attack and said the attacker had not accessed bank account information or Social Security numbers of donors, the SEC said.

“Within days” of those disclosures, some company employees learned the attacker had accessed and taken that information, the SEC said. The employees did not tell senior managers responsible for public disclosure because the firm failed to maintain disclosure controls and procedures, the SEC said.

In August 2020, the SEC said, Blackbaud filed a quarterly report with the agency that omitted material information about the scope of the attack.

An attorney for Blackbaud, which did not admit or deny the SEC’s findings, did not respond immediately to a request for comment.