Blackbaud To Pay $3M Penalty To Settle SEC Charges For Misleading Disclosures Pertaining To 2020 Ransomware Attack

Blackbaud, Inc BLKB agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack that impacted over 13,000 customers.
The SEC's order finds that, on July 16, 2020, Blackbaud said that the ransomware attacker did not access donor bank account information or social security numbers.
However, within days of these statements, the company's technology and customer relations personnel discovered that the attacker had accessed and exfiltrated this sensitive information.
These employees did not communicate this information to senior management due to the company's lack of disclosure controls and procedures.
Due to this failure, in August 2020, the company filed a quarterly report with the SEC that omitted this material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical.
Blackbaud neither admitted nor denied the SEC's findings.
Blackbaud held $733.9 million in cash and equivalents as of December 31.
Blackbaud provides donor data management software to non-profit organizations.
Price Action: BLKB shares closed lower by 0.09% at $55.97 on Thursday.