Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Target, others face SEC scrutiny over cyberattacks

The U.S. Securities and Exchange Commission has opened investigations of multiple companies in recent months examining whether they properly handled and disclosed a growing number of cyberattacks.

The investigations are focused on whether the companies adequately guarded data and informed investors about the impact of breaches, Bloomberg said Monday.

Target one of the companies facing SEC scrutiny, according to company filings. It suffered a significant breach last year when hackers reached payment data for 40 million customer debit and credit cards.

Enforcement actions against the targets of cyberattacks would be a new tactic for the SEC. The agency is trying to fight the rising threat hackers pose to public companies and the wider financial markets.

Previously, the SEC has focused on guiding public companies on how to disclose those risks and making sure financial companies have adequate defenses against hackers, Bloomberg said.

Target said in May that the SEC, Federal Trade Commission and states’ attorneys general are investigating the data breach, including the company’s responses. As of May 3, the cyberattack had cost Target $52 million, the company said.

There’s no explicit requirement to disclose cyberattacks. But public companies must tell investors about material events that could influence their decision to buy or sell shares.

In guidance issued three years ago, the SEC said a cyber-attack could be material if it causes a company to significantly increase what it spends to defend its systems or when intellectual property is stolen.

In March, SEC Commissioner Luis A. Aguilar urged more public disclosure of cyberattacks. Firms “should go beyond the impact on the company” and weigh the effect on others, including customers, he said.


Julie DiMauro is the executive editor of FCPA Blog and can be reached here.

Share this post


Comments are closed for this article!