On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement demonstrates that companies in post-data breach environments must … Continue Reading
Last week, as previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks. The release of this guidance underscores the SEC’s intent to prioritize cybersecurity compliance in 2018. The SEC … Continue Reading
On Friday, May 12, the WannaCry ransomware attack struck hundreds of thousands of users across the globe, causing major disruptions in private and public networks. The attack, which encrypts a user’s files and holds them for ransom, may infect a … Continue Reading
On January 11, 2016, the Securities and Exchange Commission announced the 2016 examination priorities list. For the third year in a row, cybersecurity is a top concern, especially with regard to internal security program assessment and evaluation. This year the … Continue Reading
In late 2015, Congress passed the Fixing America’s Surface Transportation Act − a vehicle for an amendment to the Gramm-Leach-Bliley Act (GLBA) meant to eliminate the need for certain companies to provide annual privacy disclosures to consumers.
The amendment, which … Continue Reading
Federal oversight related to hacking recently made headlines when a federal court in New Jersey granted the Securities and Exchange Commission’s (SEC’s) motion to freeze assets connected to a hedge fund manager accused of hacking unpublished news releases pertaining to … Continue Reading
There once existed a time when a crew of skydiving surfers could throw on surprisingly well crafted ex-president masks, stroll into a cash-heavy bank and rob the institution blind. There was a time when the weapon of choice for a … Continue Reading
On Sept. 15, 2015, the Securities Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published its second cybersecurity risk alert (the “2015 Risk Alert”). The 2015 Risk Alert is a follow up to the OCIE’s April 2014 cybersecurity … Continue Reading
The U.S. Securities and Exchange Commission’s (“SEC”) Division of Investment Management (“Division”) recently released a Guidance Update (“Guidance”) highlighting the importance of cybersecurity for registered investment companies (“funds”) and registered investment advisers (“advisers”). This Guidance is similar to the Department … Continue Reading
On Feb. 3, 2015, the Securities and Exchange Commission (SEC) published a Risk Alert summarizing observations gleaned from a cybersecurity examination sweep of 57 registered broker-dealers (BDs) and 49 registered investment advisers (IAs). The examination sweep followed an April 2014 … Continue Reading