Compliance » Million Lesson On What To Reveal After A Ransomware Attack

$3 Million Lesson On What To Reveal After A Ransomware Attack

Retro drawing of 19th century figures - two men. One observes the other, who is holding a newspaper closely in front of his face, his hair standing on end.

The SEC has reached a $3 million settlement with Blackbaud, a client relationship company for non-profits, over allegations that it both dissembled in SEC filings with regard to the fallout from a ransomware attack, and failed to maintain systems that would keep senior management sufficiently apprised regarding the incident. Per the narrative in the SEC Cease and Desist Order, the company’s failure was partly a matter of the right hand not knowing what the left hand was doing, and at least some of what it became liable for would have been avoided with better internal communications.

A posts from law firm Wilmer Hale provides a summary of the settlement and finds that it reflects two recent trends in SEC enforcement. One is to sanction companies for failing to maintain adequate disclosure controls over cyber breaches and other “non-financial matters.” The other is to cite companies that understate the gravity of what has occurred by labeling known risks as “hypothetical.” The Wilmer Hale post provides some key takeaways, with regard to both statements made to the public and statements made in SEC filings. Among them: Keep tabs on the updated findings of the forensic investigators, and make sure your statements remain accurate. -Today’s General Counsel/DR

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Read this next

Top 100 Litigator Sues Blue Cross Over His Cancer Treatment

In 2018, Robert Salim, 67, realized he was seriously ill. After numerous […]

Eight States Now Require Pay Transparency in Job Postings

Financial Industry Suing to Foil New Regulations

New rules aimed at lenders, investment funds, and other financial entities would […]

Regulatory Burden Factors Into AI Decision

GC Must Warn Boards Of AI Risks

There are companies investing hundreds of millions of dollars or more into […]

Scroll to Top