SEC, education company Pearson settle charges over 2018 security incident for $1 million

British educational software company Pearson settled charges with the U.S. Securities and Exchange Commission for $1 million over its “misleading” handling of a 2018 data breach, the SEC announced Monday. The SEC based its charges on a July 2019 disclosure to the agency that a hypothetical “data privacy incident” could “result in a major data privacy or confidentiality breach” when the company had in fact already been breached and known about it for months, among other statements. In its public response to the incident, which involved the theft of student information and administrator log-in accounts for 13,000 district, school and university customer accounts, Pearson also left out details about the extent of the stolen information, the SEC said. Pearson claimed to have “strict protections” in place even though it had left a critical vulnerability unpatched for six months that the hackers exploited, along with other poor security practices cited by […]

The post SEC, education company Pearson settle charges over 2018 security incident for $1 million appeared first on CyberScoop.

SEC settles with First American over massive data leak for nearly $500,000

The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images. Under the terms of the deal, the heavyweight real estate title insurance company will pay a $487,616 fine. The SEC had charged the company with inadequately disclosing the cybersecurity vulnerability that exposed the information. The digitized records included things like Social Security numbers and bank account statements. First American first made public statements about the vulnerability in May 2019 but the company’s information security personnel had first spotted it in January, and according to the SEC they didn’t fix it and failed to notify company brass. “As a result of First American’s deficient disclosure controls, senior management was completely unaware of this vulnerability and the company’s failure to remediate it,” said Kristina Littman, chief of the SEC Enforcement […]

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering extortion payouts to criminals, ransomware and cyber insurance experts had two reactions. They wondered why it took so long, and how long it would take others to follow suit. Ransomware is an ever-increasing cause of cyber-insurance claims, according to industry estimates, and having such insurance may make policyholders more likely to be attacked. A representative of the REvil ransomware gang said in a March interview that the group specifically targets victims known to have cyber-insurance, because they’re “one of the tastiest morsels” who can more easily afford to pay. In perhaps the biggest ransomware payment of 2020, smartwatch maker Garmin paid a reported $10 million and said it wasn’t sure how much its insurance would cover of all the costs, which it didn’t enumerate by type of expense. Those conditions can perpetuate themselves. […]

SpaceX engineer makes a first with dark web securities violations case

First, U.S. authorities say, SpaceX engineer James Roland Jones tried to fake his way into a dark web insider trading forum, but that didn’t work out very well. Afterward, he still managed to sell fake insider trading information on the dark web anyway, according to the Securities and Exchange Commission. And on top of that, he bought sensitive personal information from a hard-to-reach forum with the goal of making transactions based on purported insider info, according to the Justice Department. (U.S. authorities did not disclose the names of the companies from which Jones claimed to have inside information.) Now, after the FBI used some of Jones’ own methods on him, he has pleaded guilty on charges of conspiracy to commit securities fraud. And the SEC has filed a complaint against the man who also went by the name “MillionaireMike” seeking to recoup his ill-gotten gains and civil penalties. It’s all […]

Molson Coors says cyberattack disrupted beer brewing

Molson Coors confirmed in a regulatory filing on Thursday that it suffered a cyberattack that disrupted its beer production, and it may not be out of the woods yet. “Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments,” the company said in a Securities and Exchange Commission disclosure. The SEC filing also said that Molson Coors had contacted “leading forensic information technology firms and legal counsel” and was “working around the clock” to restore full operations. The company reported net sales of nearly $12 billion in 2020, and is one of the largest beer brewers in the U.S. The company was remarkably vague. It didn’t say what kind of attack, where it happened, which systems were affected or when it began. Local media near a […]

SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage?

Every massive breach comes with a trail of lawsuits and regulatory ramifications that can last for years. Home Depot, for instance, only last month settled with a group of state attorneys general over its 2014 breach. The SolarWinds security incident that U.S. officials have pinned on state-sponsored Russian hackers is unlike anything that came before, legal experts say, meaning the legal liability could take even longer to resolve in court. As Congress, federal government departments and corporations reckon with the vast sweep of the SolarWinds breach, there are still many more questions than answers. Few pieces of it are less certain than how it might play out in court, where companies and individuals alike stand to gain or lose. Many millions of dollars, corporate blame and years of finger-pointing are on the line. That’s because the targets — government agencies, and some major companies — aren’t the usual kind of […]

Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events

There’s a relatively small swath of cyberattacks mixed among the more common variety that are truly extreme, costing tens of millions of dollars and beyond, or exposing millions of records. A report out Tuesday identified a little over 100 that fit that description over the past five years. The researchers learned that these massive events cost a median of $47 million and usually came via straightforward hacks or ransomware. They appear to be growing more frequent, and nation-state hackers are behind them to a surprising degree, the report says. But the report from the Cyentia Institute, a data science firm, also found that these extreme attacks don’t affect all their targets in the same way. Some cost companies nearly 100 times their revenue, while others were still just a drop in the bucket, costing as little as 0.1% of their revenue. And the financial, information and manufacturing sectors accounted for more than half of the 103 incidents. “What […]

Nothing is sacred: Ransomware attack hit toy maker Mattel’s systems this summer

Count the company behind Barbie dolls and Fisher-Price toys among the ever-growing list of digital extortion victims. A ransomware attack struck toy manufacturer Mattel this summer, the company said in a financial disclosure to the U.S. Securities and Exchange Commission. In a year when ransomware has threatened elections, hospitals and schools, the attack on Mattel demonstrates once more that the attack method is leaving no kind of target untouched. In its Nov. 3 quarterly report, Mattel said it emerged from the attack largely unscathed, however. It discovered the intrusion on July 28, when a number of its IT systems became encrypted. “Promptly upon detection of the attack, Mattel began enacting its response protocols and taking a series of measures to stop the attack and restore impacted systems,” the company said. “Mattel contained the attack and, although some business functions were temporarily impacted, Mattel restored its operations.” The report continued: “A forensic investigation of the […]
