You choose, we deliver
If you are interested in this story, you might be interested in others from The Journal Gazette. Go to and pick the subjects you care most about. We'll deliver your customized daily news report at 3 a.m. Fort Wayne time, right to your email.


  • Column: OPEC swamps crude-oil prices
    Crude-oil prices collapsed to a four-year low on Thanksgiving Day, dropping as low as $67.75 per barrel after the Organization of the Petroleum Exporting Countries decided to leave production targets unchanged at its most recent meeting.
  • Who's in charge of Black Friday?
    What about those store managers in charge of making sure merchandise is on the shelves? The Journal Gazette spent some time with a Meijer store director on Friday to get a glimpse into his Black Friday.
  • Oil plunge a panacea for crude-reliant Asia
    A renewed plunge in oil prices is a worrying sign of weakness in the global economy that could shake governments dependent on oil revenues. It is also a panacea as pump prices fall, giving individuals more disposable income and lowering costs for

SEC eyes hacking victims

Wants to ensure they spill details, protect investors

– The U.S. Securities and Exchange Commission has opened investigations of multiple companies in recent months, examining whether they properly handled and disclosed a growing number of cyberattacks.

The investigations are focused on whether the companies adequately guarded data and informed investors about the impact of breaches, according to two people familiar with the matter who asked not to be named because the probes aren’t public.

Target, which was the victim of a breach last year that gave hackers access to payment data for 40 million of its customers’ debit and credit cards, is one of the companies facing SEC scrutiny, according to company filings.

The prospect of enforcement actions against the victims of cyberattacks marks a new front in the federal agency’s efforts to combat the rising threat that hackers pose to public companies, brokerages and financial markets.

Previously, the SEC had focused on guiding public companies on how to disclose those risks and making sure financial companies have adequate defenses against hackers.

“The SEC issues subpoenas when they believe the disclosure is either incomplete or misleading,” said Linda Griggs, a partner at Morgan, Lewis & Brockius who previously worked at the SEC as chief counsel to the agency’s chief accountant. “It’s totally consistent for them to be looking at this kind of thing.”

While there isn’t an explicit requirement to disclose cyberattacks, public companies must tell investors about material events that could influence their decision to buy or sell shares.

In guidance issued three years ago, the SEC said a cyber-attack could be material if it causes a company to significantly increase what it spends to defend its systems or when intellectual property is stolen.

Companies typically prefer to keep breaches secret to avoid lawsuits from people who may have been harmed, according to Douglas Meal, a partner at Ropes & Gray who has worked with Target and others on data-security breaches.

“I really can’t think of a case, and we’ve worked on a lot, where the disclosure thinking or analysis was driven by the securities laws issues, frankly,” Meal told a panel convened by the SEC in March.