SEC commissioner: ‘our companies, and our country, are under attack’

The Securities and Exchange Commissioner says that corporations need to do more to protect investors from the financial damages of data beaches. Speaking at Tulane University’s Corporate Tulane Law School on Thursday, a leader of the SEC plainly stated that American companies are “under attack” from hackers. “The cyberthreat is not primarily a regulatory issue any more than it is primarily a technological issue. Cybercrime is an enterprise-level risk that will require an interdisciplinary approach, significant investments of time and talent by senior leadership and board-level attention,” SEC Commissioner Robert Jackson said. The SEC issued updated guidance last month for how companies should approach the issue of breach disclosure. Jackson said that he only reluctantly joined the guidance because it leaves too much discretion to corporate counsel to decide whether investors should be informed of an incident. “I worry that these judgments have, too often, erred on the side of nondisclosure, […]

The post SEC commissioner: ‘our companies, and our country, are under attack’ appeared first on Cyberscoop.

Continue reading SEC commissioner: ‘our companies, and our country, are under attack’

Former Equifax executive charged with insider trading after mega breach

A former Equifax executive is facing charges from both the Securities and Exchange Commission and the Department of Justice for insider trading before the company publicly announced a massive breach in September 2017. The SEC said in a press release that Jun Ying, Equifax’s former chief information officer, allegedly used privileged information to conclude that Equifax had suffered a breach and subsequently sold all of his stocks for a total of nearly $1 million. The agency claims that, by selling stocks before the company’s public notification, Ying dodged $117,000 in losses. “Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard Best, director of the SEC’s regional office in Atlanta in the release. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” The U.S. Attorney’s […]

The post Former Equifax executive charged with insider trading after mega breach appeared first on Cyberscoop.

Continue reading Former Equifax executive charged with insider trading after mega breach

SEC says insider trading is not the right response to cyber risk

The United States Securities and Exchange Commission (SEC) has warned public companies that they not only need to do more to fulfil their obligations to transparency and openness with investors about cybersecurity breaches, but they also must disclose … Continue reading SEC says insider trading is not the right response to cyber risk

Weekly Cyber Risk Roundup: W-2 Theft, BEC Scams, and SEC Guidance

The FBI is once again warning organizations that there has been an increase in phishing campaigns targeting employee W-2 information. In addition, this week saw new breach notifications related to W-2 theft, as well as reports of a threat actor targeti… Continue reading Weekly Cyber Risk Roundup: W-2 Theft, BEC Scams, and SEC Guidance

New SEC guidance: please don’t sell your stocks if you have insider info about a breach

The Securities and Exchange Commission wants companies to be more transparent about the way they handle data breaches. On Wednesday, the SEC issued an updated guidance regarding expectations that companies must meet in disclosing cybersecurity vulnerabilities and hacking incidents. The guidance is non-binding in nature, but outlines the bare minimum that companies must do, according to the SEC, to avoid legal trouble. The unanimously approved guidance details the ways public companies ought to be transparent with investors and other stakeholders when it comes to cyber risk. The memo tells companies to disclose information about incidents or vulnerabilities in a timely manner. In addition, the guidance addresses the issue of company officers selling shares before publicly disclosing a known cybersecurity incident. This was an issue which clouded the recent publication of two critical microchip flaws affecting Intel, AMD and ARM. “Given the frequency, magnitude and cost of cybersecurity incidents, the Commission […]

The post New SEC guidance: please don’t sell your stocks if you have insider info about a breach appeared first on Cyberscoop.

Continue reading New SEC guidance: please don’t sell your stocks if you have insider info about a breach

After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million

Plagued by investor lawsuits and federal investigations over allegedly lying about products and finances, Israeli hacking company Ability Inc. recently settled out of court by paying $3 million to investors who say Ability’s executives have been misleading about their company’s finances from the start. Most of the allegations in the class action lawsuit are also violations of federal law, so it’s little surprise that Ability came under federal investigation last year for allegedly lying about products and finances. When asked about the current status of the investigation, the SEC declined to comment. Investigations of this nature tend to take years to complete. The settlement is a significant hit for a company with fast evaporating cash reserves and revenue — and little explanation as to why things have gone so badly. With just $3.6 million in cash left on their balance sheet, according to SEC filings, the clock is ticking. The company spent $8.4 million […]

The post After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million appeared first on Cyberscoop.

Continue reading After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million