Hacked companies face SEC scrutiny over disclosure, controls

[InfoSec News <alerts () infosecnews org>]

http://www.sfgate.com/business/article/Hacked-companies-face-SEC-scrutiny-over-5596541.php

By Dave Michaels
SFGate.com
July 2, 2014

The Securities and Exchange Commission has opened investigations of a 
number of companies, examining whether they properly handled and disclosed 
a growing number of cyberattacks.

The investigations are focused on whether the companies adequately guarded 
data and informed investors about the impact of breaches, according to two 
people familiar with the matter who asked not to be named because the 
probes aren't public.

Target Corp., the victim of a breach last year that allowed hackers to 
access payment data for 40 million of its customers' debit and credit 
cards, is one of the companies facing SEC scrutiny, according to company 
filings.

The prospect of enforcement actions against companies that have been 
victims of cyberattacks marks a new front in the agency's efforts to 
combat the rising threat hackers pose to public companies, brokerages and 
financial markets. Previously, the SEC had focused on guiding public 
companies on how to disclose those risks and making sure financial 
companies have adequate defenses against hackers.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/