Recent activity by the New York Department of Financial Services (NYDFS) and the Securities and Exchange Commission (SEC) highlight the continued focus by government regulators on cybersecurity. As these and other regulators take an increasingly assertive enforcement posture, companies should be proactive about structuring their cybersecurity compliance programs to avoid fines, safeguard sensitive data, and protect their reputation.
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC will soon be required to report material cybersecurity incidents within four business days of determining the incident to be material and to make periodic disclosures regarding cybersecurity risk management, strategy, and governance.
On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features” (the “Risk Alert”). The Risk Alert highlights the risks associated with the storage of customer records and information by broker-dealers and investment advisors on cloud-based storage platforms.
Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.
The Securities and Exchange Commission (SEC) announced its most significant case ever filed against a respondent for one of the world’s largest data breaches. Albata, Inc., f/d/b/a Yahoo! Inc., (“Yahoo”) settled with the SEC to charges of violating Section 17(a)(2) and 17 (a)(3) of the Securities Act of 1933 (“Securities Act”), amongst other charges, and agreed to various remedies, including a $35 million penalty.
The Securities and Exchange Commission (SEC) obtained a court order freezing more than $27 million in proceeds from alleged illegal distributions and sales of restricted shares of a public company , and charged the company, its CEO, and three other affiliated individuals on April 6, 2018. That same day, the Nasdaq Stock Market halted trading in the company’s stock.
The SEC’s complaint alleges that shortly after the company began trading on the Nasdaq Stock Market and announced the acquisition of a purported blockchain-empowered cryptocurrency business, its stock price rose dramatically until its market capitalization exceeded $3 billion. The SEC further alleges that the CEO and the three other individual defendants then illegally sold large blocks of their restricted shares to the public while the stock price was excessively elevated and that they collectively reaped more than $27 million in profits.