The U.S. Securities and Exchange Commission fined data management platform Blackbaud $3 million for improper disclosures to individuals affected by a 2020 ransomware attack. Blackbaud told customers the incident did not compromise bank account information and Social Security numbers when, according to the SEC, security and communications personnel knew the information was accessed. Without due notice, senior management left the full disclosure out of its quarterly report and characterized a breach of personal data as hypothetical.