Security News

The Intercontinental Exchange will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. ICE is an American company listed on the Fortune 500 that owns and operates financial exchanges and clearing houses worldwide, including the New York Stock Exchange.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions."These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."

The Securities and Exchange Commission has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken.

81% of respondents say the new SEC cybersecurity disclosure ruling will substantially impact their business. The SEC's new cybersecurity rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure took effect on Dec. 15, 2023.

SEC's new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections, visibility, and incident response preparedness, meeting the SEC's new incident reporting rules can be a serious challenge.

The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The SEC's rule require public companies hit by cybercriminals to report the incident within four days.

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in...

In a motion to dismiss [PDF] the SEC's lawsuit, the embattled developer described the fraud charges leveled against it, and its CISO Tim Brown, "As unfounded as they are unprecedented." In a statement to The Register, Serrin Turner, an attorney at Latham and Watkins, which is representing SolarWinds, railed against the SEC's charges.

The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Today, the SEC has confirmed that a cell phone account associated with the X account suffered a SIM-swapping attack.