Security News

The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that...

Cripes, they actually sound serious Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident,...

The U.S. SEC has introduced new rules for publicly traded companies to disclose cyberattacks within four business days if they are considered significant to investors. Foreign private issuers are also required to provide equivalent disclosures. SEC Chair Gary Gensler stated that consistent and comparable disclosure would benefit both companies and investors.The rules demand listed companies to include cyberattack details in periodic report filings (8-K forms). These rules will be effective from December or 30 days after publication in the Federal Register. Smaller companies will have an additional 180 days to comply. Disclosure timelines may be delayed if immediate disclosure poses a risk to national security or public safety.

The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material...

The US Securities and Exchange Commission has dismissed proceedings against 42 companies and individuals after admitting that its enforcement staff accessed documents that were supposed to be for judges' eyes only. All 42 [PDF] of the now-dismissed cases were slated to be heard by the watchdog agency's in-house court - which is supposed to remain strictly separate from the SEC's enforcement staff.

More than 80 law firms say they are "Deeply troubled" by the US Securities and Exchange Commission's demand that Covington & Burling hand over names of its clients whose information was stolen by Chinese state-sponsored hackers. In an amicus brief filed this week, 83 firms with a total of more than 50,000 attorneys employed backed their fellow lawyers in Covington's ongoing battle with America's financial watchdog.

The US Securities and Exchange Commission has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020. In March 2022, the SEC issued a subpoena asking Covington to hand over information about the security breach including, among other things, all of the affected clients' names, and the amount of information that was accessed or stolen, and communications between the law firm and the clients about the exfiltration.

Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission and Department of Justice, who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in "Fraudulent profits." The suspects, all men in their twenties and thirties, were charged with conspiracy to commit securities fraud in connection with a long-running, social media-based "Pump and dump" scheme, a recently unsealed Texas federal grand jury indictment [PDF] and an SEC complaint [PDF] revealed.

SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit, and it's also expecting to be slapped with an enforcement action by Uncle Sam - both related to its infamous 2020 supply chain security fiasco, according to the software maker's most recent US regulatory filing. At the end of October, SolarWinds reached a deal with investors who sued the company, alleging they were misled about its security posture in advance of the Russian cyberattack on the business, according to an 8-K filing [PDF] with the US Securities and Exchange Commission.

SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In a notice posted Monday, the SEC announced that the company consented to the agency's finding that it violated federal regulations regarding the safeguarding and disposal of customer data.