CONTRIBUTOR

ARTICLE

United States: SEC Notice To Public Companies: Less-than-forthcoming Breach Disclosures Can Cost You

21 March 2023

by Cynthia J. Larose

Mintz

Your LinkedIn Connections
with the authors

To print this article, all you need is to be registered or login on Mondaq.com.

Just ahead of the expected April release of the final SEC cybersecurity regulations, the SEC has fined Blackbaud, a donor data management platform used widely by nonprofits, $3 million dollars for "misleading disclosures" in connection with a 2020 ransomware attack that impacted more than 13,000 customers.

Blackbaud told customers the incident did not compromise bank account information and Social Security numbers when, according to the SEC, security and communications personnel knew the information was accessed and did not communicate that information to senior management. Absent the critical information, senior management responsible for disclosure left the full disclosure out of its quarterly report and, according to the SEC, "misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical."

Not all data breaches -- ransomware attacks or otherwise -- rise to the level of materiality that could trigger a disclosure in SEC reporting. However, disclosure controls and procedures should certainly have pushed the accurate information about the compromise of personal information up the chain for such analysis and could have saved Blackbaud a tidy sum of money.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

AUTHOR(S)

Cynthia J. Larose

Mintz

ARTICLE TAGS

United States Compliance Corporate/Commercial Law Compliance Technology Security

POPULAR ARTICLES ON: Technology from United States

RELATED CONTENT

FREE News Alerts

Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.

Article Tags

United States Compliance Corporate/Commercial Law Compliance Technology

More Tags

Related Articles

The State Of AI In 2024 In 15 Graphs Foley & Lardner

Noted With Interest: Newly-Issued DFS Guidance On Banks Quinn Emanuel Urquhart & Sullivan

New CISA Cybersecurity Incident Reporting Requirements Proposed For Critical Infrastructure Companies Akin Gump Strauss Hauer & Feld LLP

Leveraging Artificial Intelligence - Part I: AI Vendor Contracts (Video) Carter Ledyard & Milburn

AI Regulatory And Legal Issues Today: A Conversation With Natasha Allen Foley & Lardner

Mondaq Webinars

MAY14

Asset Recovery and Judgment Enforcement: A Focus on 2024 Trends in the US and UK

JUN05

Killing the Paper Tiger – HR Toolbox for Running your German Operation Smoothly

Comparative Guides

Anti-Corruption & Bribery

Artificial Intelligence

Aviation Finance

Aviation Regulation

Banking Regulation

Mondaq Advice Centres

United States

Advertising and Marketing

United States

Telemarketing

United States

COVID-19

Global

Trademarks in SAARC Countries

United States

International Trade Law & Customs

Curated Content

Revolutionizing Resolution: The Transformative Impact Of AI On ADR
JAMS

Evolving Legal Norms For Artificial Intelligence In The European Union And The United States
Braumiller Law Group, PLLC

The Use Of AI In ADR: Balancing Potential And Pitfalls
JAMS

Assessing The Benefits And Challenges Of Tokenizing Real World Assets
Braumiller Law Group, PLLC

Knowing What's Ahead: Dispute Resolution Planning For Startups In The New Age Of Generative AI
JAMS

Upcoming Events

MAY06

Client Appreciation Event At The MBA Legal Issues And Regulatory Compliance Conference

Goodwin Procter LLP

Reception San Diego United States

MAY20

Breaking Up Is Hard To Do And Other Trends In PBM And Pharmacy Supply Chain Contracting

Panel Nashville United States

More filters

Mondaq Social Media

© Mondaq® Ltd 1994 - 2024. All Rights Reserved.

Please to Mondaq or for unlimited free access and a complimentary news alert

|

|

|

|