Blackbaud Fined $3M for 'Failing to Disclose' That Ransomware Attack Breached Private Data

Blackbaud, a South Carolina-based provider of administrative, donor management, and CRM software to education and nonprofit organizations, has been fined $3 million by the U.S. Securities and Exchange Commission "for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers,” the federal agency said. 

The SEC order said that during the ransomware attack, bank account information and Social Security numbers of donors stored by Blackbaud customers were stolen by the attackers, but Blackbaud had told customers the opposite and subsequently omitted the information in quarterly filings with the SEC. 

“On July 16, 2020, Blackbaud announced that the ransomware attacker did not access donor bank account information or Social Security numbers. Within days of these statements, however, the company’s technology and customer relations personnel learned that the attacker had in fact accessed and exfiltrated this sensitive information,” said the SEC order. “These employees did not communicate this information to senior management responsible for its public disclosure because the company failed to maintain disclosure controls and procedures.” 

In its August 2020 quarterly report filed with the SEC, Blackbaud “omitted this material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical,” the agency said.

“Public companies have an obligation to provide their investors with accurate and timely material information; Blackbaud failed to do so,” said David Hirsch, chief of the SEC Enforcement Division’s Crypto Assets and Cyber Unit. 

The agency ruled that Blackbaud violated two sections of the Securities Act of 1933 and one section of the Securities Exchange Act of 1934 as well as Rules 12b-20, 13a-13, and 13a-15(a). 

“Without admitting or denying the SEC’s findings, Blackbaud agreed to cease and desist from committing violations of these provisions” and to pay the fine of $3 million, the agency said.

According to its website, Blackbaud provides cloud-based software for education and nonprofit fundraising and donor relationship management, enrollment, finance, grants and awards, and marketing management.

 

 

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • person typing on a touch screen schedule plan calendar

    2025 Tech Tactics in Education Conference Agenda Announced

    Registration is free for this fully virtual May 7 event, focused on "Thriving in the Age of AI" in K-12 and higher education.

  • laptop screen with a video play icon, surrounded by parts of notebooks, pens, and a water bottle on a student desk

    Studyfetch AI Tool Generates Video Explanations Based on Course Materials

    AI-powered studying and learning platform Studyfetch has introduced Imagine Explainers, a new video creator that utilizes artificial intelligence to generate 10- to 60-minute explainer videos for any topic.