After hack, X claims SEC failed to use two-factor authentication

A breach of the Securities and Exchange Commission’s account on the platform formerly known as Twitter caused bitcoin prices to spike.

The post After hack, X claims SEC failed to use two-factor authentication appeared first on CyberScoop.

SEC disclosure rule for ‘material’ cybersecurity incidents goes into effect

The controversial rule requires publicly traded companies to report such events to the agency within four business days.

Cryptocurrency regulators are scrambling to catch up with hackers, who are swiping billions

But who’s in charge has become a game of hot potato.

SEC weighs reporting requirements for publicly traded companies

The amendments follow a similar proposal the agency released last month aimed at tightening security for investment firms and advisers.

SEC’s breach notification proposal one step closer to a final vote

The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC Chairman Gary Gensler said at the agency’s open meeting. Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours. The proposal also would require advisers and funds to adopt, at a minimum, cybersecurity protections including a risk assessment; user security and access controls; information protection and monitoring to protect systems from unauthorized use; and an annual written review of cybersecurity risks and policies. The report would require review by a board of directors. Commissioners said they want more […]

SEC’s Gensler signals enhancement of cybersecurity, breach disclosure rules for financial sector

U.S. Securities and Exchange Commission Chairman Gary Gensler is exploring an expansion of the SEC’s core cybersecurity rules to cover a broader swath of entities and require public companies to improve disclosure of breaches and risks. Gensler said in a speech on Monday that he instructed staff to look into an update of the commission’s “Regulation Systems Compliance and Integrity,” or Reg SCI, which the SEC adopted in 2014. Staff will examine whether the regulation — under which trading organizations and others must take security steps like backing up data — should extend to include the largest market-makers and broker-dealers. Gensler also said he asked staff to consider recommendations on bolstering the financial sector’s cybersecurity hygiene and incident reporting, how customers and clients receive notifications of financial sector breaches and how public companies disclose cybersecurity practices and risks. And he wants staff to examine how to better address cyber risk […]

Accenture lost ‘proprietary information’ in summer ransomware attack

Accenture has acknowledged in a filing to the Securities and Exchange Commission that outsiders extracted “proprietary information” in a cyber incident this summer. The filing, made Friday, provides additional detail on a breach the company first discovered on July 30 and disclosed in early August. The disclosure coincided with the ransomware gang LockBit 2.0 leaking information from the consulting giant after saying Accenture failed to pay a $50 million ransom by its deadline. CyberScoop had previously reported other details of the intrusion. “While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” read an internal memo that CyberScoop obtained. A spokesperson didn’t directly answer a question about what kind of “proprietary information” the attackers stole, saying that the company’s original statement covered the matter. […]

SEC fines brokerage firms over email hacks, customer data exposure

The Securities and Exchange Commission has fined several brokerages a total of $750,000 for exposing the sensitive personal information of thousands of customers and clients after hackers took over employee email accounts. All of the companies settled the SEC charges, in three separate actions: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services. The firms ran afoul of the SEC’s “Safeguards Rule,” which requires companies to write and adopt procedures for protecting customer records and information. “Investment advisers and broker dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.” […]

Poly Network fully recovers assets stolen in unusual $600M cryptocurrency hack

Poly Network has completely recovered all $610 million worth of user assets stolen by a hacker earlier this month, the company announced Thursday. In an unusual twist, the hacker returned roughly half of the assets within the first 24 hours and the rest later. The hacker had exploited a vulnerability in the company’s system that allows different chains of cryptocurrency to communicate. The hacker has claimed that he hacked the company “for fun” and had never intended to keep the money. “That’s always the plan! I am _not_ very interested in money!” he wrote in a message alongside the online transactions. “I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” The company offered the hacker a $500,000 bug bounty for finding the vulnerability as well as a role as its chief security officer, both of which he declined. The company said that it […]
