SEC Chairman Mary Jo White

International Hacking and Insider Trading Scheme Exposes Cybersecurity Vulnerabilities at Third-Party Vendors

On August 11, 2015, the SEC announced that it was bringing fraud charges against 32 defendants for their alleged participation in a five-year, international hacking and insider trading scheme.  According to the SEC, two Ukrainian men hacked into at least two major newswire services, stole non-public copies of embargoed corporate announcements containing quarterly and annual earnings data, and provided the announcements to 30 other defendants, who traded off the information.  In parallel actions, the U.S. Attorney’s Offices for the District of New Jersey and the Eastern District of New York also announced criminal charges against some defendants named in the SEC’s action.  The SEC’s enforcement action may be a harbinger of events to come.  As we have written, cybersecurity is emerging as the SEC’s newest area of focus for enforcement actions.

READ MORE

SEC Considering More Stringent Requirements For Cybersecurity Disclosures in the Wake of Stock Manipulating Hacking Case

Following up on clues earlier this year that the SEC may increase its scrutiny of cybersecurity disclosures, SEC Chairman Mary Jo White has asked the Commission to evaluate current guidance for cybersecurity disclosures and to consider whether more stringent requirements are necessary.  White asked the Commission to assemble a report on general practice and compliance with existing guidelines, and to make recommendations for future guidance.  White did not yet commit to changes to the current guidelines, issued in October 2011, pending issuance of the report.

Senator Jay Rockefeller, who disclosed the Chairman’s directive, has recently encouraged the SEC to provide further guidance on cybersecurity disclosures.  He has already sponsored legislation in this arena, including the Cybersecurity Act of 2012, which would have pushed the private sector to share internal information within the industry and with government agencies.  The proposed legislation in 2012 would have also encouraged the enactment of protective measures for computer networks.  Senator Rockefeller has expressed concern about the lack of information regarding cybersecurity risks, and appears poised to push for additional disclosures.  READ MORE