This week, the Securities and Exchange Commission (SEC) charged four public companies for alleged deceptive cyber disclosures: Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited. The companies agreed to pay civil penalties to settle the SEC’s charges as follows:
Intercontinental Exchange Settles with SEC Over Alleged Delay in Notification of Hack
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC of the cybersecurity incident it experienced in 2021 involving its virtual private network.
The SEC alleged that ICE should…
SEC’s Hacked X Account Leads to Tumultuous Bitcoin Market
The Securities and Exchange Commission has confirmed that its X account “was compromised, and an unauthorized post was posted.” The SEC confirmed that it “has not approved the listing and trading of spot bitcoin exchange-traded products.”
The SEC’s X account was compromised on Tuesday, January 9, 2024, and a fake post was published that in…
SEC Hits SolarWinds and CISO with Investor Fraud Suit Over Cybersecurity
In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this week, the SEC filed suit against SolarWinds and its Chief Information Security Officer (CISO) alleging that SolarWinds and its CISO…
SEC Adopts New Cybersecurity Rules for Public Companies
In a 3-2 vote, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules yesterday (July 26, 2023) applicable to public companies.
The rules, which will become effective thirty days after publication in the Federal Register, require public companies to “disclose material cybersecurity incidents they experience and to disclose on an annual basis material information…
SEC Charges Social Media Influencers with Stock Manipulation and Warns Investors
The Justice Department and the Security and Exchange Commission (SEC) have charged eight men of using their social media clout to manipulate investors in a stock pump-and-dump scheme [view related]. The defendants allegedly took to Twitter and Discord to promote themselves as seasoned stock traders and, according to the SEC’s press release, fed their…
Molson-Coors Discloses Cybersecurity Incident that Affected Production in 8-K Filing
Manufacturers of products often are not prepared for, or aware that cybersecurity incidents can disrupt production and distribution of product. A recent filing by Molson-Coors Beverage Company illustrates that manufacturers face similar cybersecurity risks as other industries.
On March 11, 2020, Molson-Coors filed a Form 8-K with the Securities and Exchange Commission stating that:
Molson …
Securities Fraud Litigation in Wake of Data Breach
It is no longer a matter of if, but when companies that suffer a data breach will be sued in a class action lawsuit following a data breach. Many of those data breach cases get dismissed, as it is difficult for consumers to show they have suffered a compensable harm from a particular data breach.…
SEC Issues Warning for Advisors and Broker-Dealers on Increased Ransomware Attacks
On July 10, 2020, the Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their cybersecurity controls to prevent and respond to an increase in phishing campaigns and ransomware attacks.
The Risk Alert advises that the OCIE has “observed an apparent…
Cognizant Confirms Maze Ransomware Attack
The criminals behind the Maze ransomware [view recent related posts here and here] have gone big and hit Cognizant, one of the largest technology consulting companies in the U.S., with its nasty ransomware.
Cognizant stated on its website that it “can confirm that a security incident involving our internal systems, and causing service disruptions…