Alston & Bird Privacy, Cyber & Data Strategy Blog

Securities and Exchange Commission

Critical Audit Matters Disclosure Implicates Information Technology and Security

By

As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls.  Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]

SEC Files Complaint Against Hacker, Traders in EDGAR Data Breach Case

By

The Securities and Exchange Commission has filed a Complaint against eight traders, one alleged hacker, and others, in connection with a previously disclosed cybersecurity attack that infiltrated the SEC’s EDGAR system in 2016.  The Complaint brings claims for violations of federal securities and antifraud laws and unjust enrichment, and seeks injunctions against future securities law […]

SEC Investigative Report Cautions Public Companies to Consider Cyber Threats When Implementing Internal Accounting Controls

By and

The Securities and Exchange Commission issued an investigative report last week cautioning public companies to consider cyber incidents and threats when implementing internal accounting controls.  The report details the SEC Enforcement Division’s investigations of nine public companies that were victims of cyber-related fraud schemes to determine whether the companies may have violated the federal securities […]

SEC Brings First Enforcement Action for Violation of the Identity Theft Red Flags Rule

By and

On September 26, 2018, the SEC brought its first ever enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), 17 C.F.R. § 248.201, in addition to violations of Regulation S-P, 17 C.F.R. 30(a) (the “Safeguards Rule”). Regulation S-ID and Regulation S-P apply to SEC-registered broker-dealers, investment companies, and investment advisers, and […]

SEC Announces Its First Enforcement Action Over Cyber-related Disclosures

By

The Securities and Exchange Commission’s $35 million settlement with Altaba Inc., the successor in interest to Yahoo! Inc., is the first civil penalty of its kind for a data breach and underscores the agency’s increasing focus on public companies’ cybersecurity disclosure obligations. A cross-practice team from our Securities Litigation and Cybersecurity Preparedness & Response groups […]