On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1
Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations, suffered a ransomware attack in 2020 impacting more than 13,000 customers. According to the SEC’s order, unauthorized access to Blackbaud systems began in February of 2020 and was first discovered in May 2020.