Lauren Macon

Lauren Macon is a senior associate in the firm’s Securities Litigation Group. Her practice focuses primarily on securities fraud actions, shareholder derivative suits, corporate investigations and other complex commercial litigation. Read more→

SEC Files Complaint Against Hacker, Traders in EDGAR Data Breach Case

Posted on: 18 Jan 2019

The Securities and Exchange Commission has filed a Complaint against eight traders, one alleged hacker, and others, in connection with a previously disclosed cybersecurity attack that infiltrated the SEC’s EDGAR system in 2016.  The Complaint brings claims for violations of federal securities and antifraud laws and unjust enrichment, and seeks injunctions against future securities law violations as well as disgorgement, prejudgment interest, and civil penalties. The Complaint alleges that in 2016, a Ukrainian hacker infiltrated the EDGAR system and extracted “test files” containing non-public […] Read more

SEC Investigative Report Cautions Public Companies to Consider Cyber Threats When Implementing Internal Accounting Controls

Posted on: 22 Oct 2018

The Securities and Exchange Commission issued an investigative report last week cautioning public companies to consider cyber incidents and threats when implementing internal accounting controls.  The report details the SEC Enforcement Division’s investigations of nine public companies that were victims of cyber-related fraud schemes to determine whether the companies may have violated the federal securities laws by failing to maintain a sufficient system of internal accounting controls.  Based on the investigations, the report concludes that public companies’ internal accounting controls […] Read more

SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures

Posted on: 23 Feb 2018

The Securities and Exchange Commission (SEC) issued a press release announcing its unanimous approval of a statement by SEC Chairman Jay Clayton and interpretive guidance (the “2018 Guidance”) to assist public companies in preparing disclosures about cybersecurity risks and incidents. This is the first interpretive guidance published by the full Commission on the topic of cybersecurity for public companies, and it may foreshadow increased SEC action to protect investors from the potential negative effects of increasingly common large-scale data breaches. The 2018 Guidance formalizes and expands […] Read more

SEC Chairman Jay Clayton Announces Data Breach of SEC Systems Which May Have Led to Insider Trading

Posted on: 25 Sep 2017

SEC Chairman Jay Clayton issued a public statement on Cybersecurity (the “Clayton Statement”) last week, disclosing a 2016 attack on the SEC’s database of corporate filings. The intrusion exploited a vulnerability in the test filing component of the EDGAR system, a document repository for disclosures from public companies and issuers, through which the intruder was able to gain access to nonpublic (and potentially sensitive) corporate information.  Though the intrusion was detected in 2016, Clayton stated that the agency learned only in August 2017 that the incident, “may have provided […] Read more

SEC Confirms Plans To Issue New Cybersecurity Disclosure Rules

Posted on: 27 Apr 2015

According to Smeeta Ramarathnam, Chief of Staff to SEC Commissioner Luis Aguilar, the SEC is currently engaging in a comprehensive re-work of its investor disclosure rules, including with respect to rules bearing on cybersecurity incident disclosure. The SEC, which is formally tasked with overseeing issues that concern market integrity and disclosure of material information, revealed its plan to overhaul its disclosure rules during an April 23 panel at the 2015 RSA Conference in San Francisco, during which Ramarathnam stated that the SEC was entering “a time of great change” with respect to […] Read more