On July 16, 2020, the non-profit software company announced “the ransomware attacker did not access donor bank account information or Social Security numbers,” according to the SEC statement. In fact, the attackers accessed unencrypted customer information.

The SEC said the event affected more than 13,000 of the nonprofit software company’s customers, which the agency described as a quarter of Blackbaud’s customers. Blackbaud said records of roughly  6 million individuals were involved. Last year, Blackbaud said the intrusion would cost it $25 million to $35 million.

While Blackbaud determined within days of the announcements that records had been accessed the company’s technology and customer relations personnel did not communicate this information to senior management “because the company failed to maintain disclosure controls and procedures,” according to the SEC.

Blackbaud received more than 1,000 customer inquiries about the attack with some concerned they had uploaded sensitive data to fields that were not encrypted. A few days later, company service personnel used a Blackbaud script that acknowledged the fields were unencrypted.

Blackbaud faces several lawsuits over the attack.

Bob Scott

• Email

Bob Scott has provided information to the tax and accounting community since 1991, first as technology editor of Accounting Today, and from 1997 through 2009 as editor of its sister publication, Accounting Technology. He is known throughout the industry for his depth of knowledge and for his high journalistic standards.  Scott has made frequent appearances as a speaker, moderator and panelist and events serving tax and accounting professionals. He  has a strong background in computer journalism as an editor with two former trade publications, Computer+Software News and MIS Week and spent several years with weekly and daily newspapers in Morris County New Jersey prior to that.  A graduate of Indiana University with a degree in journalism, Bob is a native of Madison, Ind