You choose, we deliver
If you are interested in this story, you might be interested in others from The Journal Gazette. Go to www.journalgazette.net/newsletter and pick the subjects you care most about. We'll deliver your customized daily news report at 3 a.m. Fort Wayne time, right to your email.

Business

  • Consumer spending drops as car sales stall
    WASHINGTON – U.S. consumer spending fell in July, with a drop in auto purchases accounting for most of the weakness. Income growth also slowed. Consumer spending edged down 0.
  • Soaring stocks, dueling forecasts
    NEW YORK – Is it time to cash out of stocks?
  • Ford's sleek new pony off and running
    Ford began production of the all-new 2015 Mustang on Thursday, and if it sells well the Flat Rock, Michigan, assembly plant could add a third shift.There are some hurdles to overcome first.
Advertisement

SEC eyes hacking victims

Wants to ensure they spill details, protect investors

– The U.S. Securities and Exchange Commission has opened investigations of multiple companies in recent months, examining whether they properly handled and disclosed a growing number of cyberattacks.

The investigations are focused on whether the companies adequately guarded data and informed investors about the impact of breaches, according to two people familiar with the matter who asked not to be named because the probes aren’t public.

Target, which was the victim of a breach last year that gave hackers access to payment data for 40 million of its customers’ debit and credit cards, is one of the companies facing SEC scrutiny, according to company filings.

The prospect of enforcement actions against the victims of cyberattacks marks a new front in the federal agency’s efforts to combat the rising threat that hackers pose to public companies, brokerages and financial markets.

Previously, the SEC had focused on guiding public companies on how to disclose those risks and making sure financial companies have adequate defenses against hackers.

“The SEC issues subpoenas when they believe the disclosure is either incomplete or misleading,” said Linda Griggs, a partner at Morgan, Lewis & Brockius who previously worked at the SEC as chief counsel to the agency’s chief accountant. “It’s totally consistent for them to be looking at this kind of thing.”

While there isn’t an explicit requirement to disclose cyberattacks, public companies must tell investors about material events that could influence their decision to buy or sell shares.

In guidance issued three years ago, the SEC said a cyber-attack could be material if it causes a company to significantly increase what it spends to defend its systems or when intellectual property is stolen.

Companies typically prefer to keep breaches secret to avoid lawsuits from people who may have been harmed, according to Douglas Meal, a partner at Ropes & Gray who has worked with Target and others on data-security breaches.

“I really can’t think of a case, and we’ve worked on a lot, where the disclosure thinking or analysis was driven by the securities laws issues, frankly,” Meal told a panel convened by the SEC in March.

Advertisement