Software firm Blackbaud to pay $3 million for misleading disclosures on ransomware attack: SEC
In November, India’s leading government healthcare institution was targeted by a ransomware attack, which reportedly originated from China. Representative Image
Software company Blackbaud Inc has agreed to pay $3 million to settle charges it made misleading disclosures about a 2020 ransomware attack that impacted over 13,000 customers, the U.S. Securities and Exchange Commission said on Thursday.
In July 2020, the South Carolina-based provider of donor data management software disclosed a ransomware attacker and said the attacker had not accessed bank account information or Social Security numbers of donors, the SEC said.
“Within days” of those disclosures, some company employees learned the attacker had accessed and taken that information, but the employees did not tell senior managers responsible for public disclosure because the firm failed to maintain disclosure controls and procedures, the SEC said.
In August 2020, the SEC said, Blackbaud filed a quarterly report with the agency that omitted material information about the scope of the attack.
Representatives for Blackbaud, which did not admit or deny the SEC’s findings, did not respond immediately to a request for comment.
The regulator has pushed public companies and registered entities to make more timely and specific disclosures about cyber-attacks. The SEC is set to unveil a new effort next week to control how broker-dealers and others tackle the risk of hacking and respond to theft of customer data, continuing a regulatory drive on cybersecurity in the financial sector.
FacebookTwitterLinkedin
In November, India’s leading government healthcare institution was targeted by a ransomware attack, which reportedly originated from China. Representative Image
Software company Blackbaud Inc has agreed to pay $3 million to settle charges it made misleading disclosures about a 2020 ransomware attack that impacted over 13,000 customers, the U.S. Securities and Exchange Commission said on Thursday.
In July 2020, the South Carolina-based provider of donor data management software disclosed a ransomware attacker and said the attacker had not accessed bank account information or Social Security numbers of donors, the SEC said.
“Within days” of those disclosures, some company employees learned the attacker had accessed and taken that information, but the employees did not tell senior managers responsible for public disclosure because the firm failed to maintain disclosure controls and procedures, the SEC said.
In August 2020, the SEC said, Blackbaud filed a quarterly report with the agency that omitted material information about the scope of the attack.
Representatives for Blackbaud, which did not admit or deny the SEC’s findings, did not respond immediately to a request for comment.
The regulator has pushed public companies and registered entities to make more timely and specific disclosures about cyber-attacks. The SEC is set to unveil a new effort next week to control how broker-dealers and others tackle the risk of hacking and respond to theft of customer data, continuing a regulatory drive on cybersecurity in the financial sector.
FacebookTwitterLinkedin
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.