Cloud provider Blackbaud pays the price for its ransomware cover-up

It’ll pay a $3 million settlement penalty

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cloud software company Blackbaud has agreed to pay a $3 million settlement for misleading disclosures about a ransomware attack that happened almost three years ago, in May 2020.

The public company, which provides donor data management software to non-profit organizations and educational establishments, had failed,until now, to disclose a ransomware attack it was aware of at the time.

Said attack was believed to have affected over 13,000 customers, putting personally identifiable information like names, addresses, email addresses, and phone numbers at risk.

Blackbaud’s 2020 ransomware attack

The US Securities and Exchange Commission (SEC)explainedthat “[…] in August 2020, the company filed a quarterly report with the SEC that omitted this material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical.”

Chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit, David Hirsch, noted that Blackbaud failed to inform investors in an accurate and timely manner about the ransomware attack - an obligation it has as a public company.

However, it complied with the threat and paid the cybercriminal’s demand “with confirmation that the copy they removed had been destroyed”, citing customer data as a key priority in its decision.

The best ransomware protection>These were the worst ransomware attackers of 2022>Most ransomware payments go on to fund many further attacks

Due to its poor communication and subsequent events, various sections and rules of the Securities Act of 1933 and Securities Exchange Act of 1934 were found to have been violated, resulting in a $3 million civil penalty and Blackbaud’s cease and desist from committing these violations.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The company has not yet made a public comment about the settlement, nor has it issued any reassurance to customers whose doubts have been raised following the ransomware attack entering public discussions.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet