SEC Charges Public Company For Alleged Misleading Disclosures Surrounding Ransomware Attack

March 17, 2023

On March 9, 2023, the Securities and Exchange Commission (“SEC”) brought an enforcement action against a public company, Blackbaud Inc. (“Blackbaud” or the “Company”), alleging that it had made misleading disclosures about a 2020 ransomware attack. 

This is the fourth SEC settled enforcement action concerning disclosures following a cyberattack. This development highlights increased regulatory scrutiny that public companies face related to cyberattacks and serves as a potential prelude to the SEC’s aggressiveness in enforcing its upcoming revised rules on cybersecurity incident disclosures. 

Please click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.