September 30, 2024 at 06:05PM The U.S. SEC charged U.K. citizen Robert B. Westbrook with hacking into the computer systems of five U.S. public companies, accessing confidential earnings information, and conducting insider trading. Westbrook made illegal profits of approximately $3,750,000 from 14 trades. He now faces civil and criminal charges, which may result in prison … Read more
August 9, 2024 at 01:34PM Progress (Nasdaq: PRGS) announced that the Securities and Exchange Commission’s fact-finding investigation into the MOVEit vulnerability has concluded without enforcement action recommended at this time. Progress received a subpoena on Oct. 2, 2023, from the SEC. The company empowers organizations with AI-powered infrastructure software to achieve transformational success in a … Read more
July 19, 2024 at 05:30PM The SEC lawsuit against SolarWinds and CISO Timothy Brown, accused of concealing security issues pre and post SUNBURST breach, has been dismissed by a judge. This outcome signifies a significant development in the legal proceedings. (49 words) Based on the meeting notes, it seems that there has been a development … Read more
July 18, 2024 at 06:05PM A judge dismissed part of the SEC’s case against SolarWinds and its CISO Tim Brown, post-breach, but allowed claims related to misrepresenting cybersecurity posture pre-breach to proceed. The ruling is seen as guidance for public companies in disclosing cyber incidents. SolarWinds is pleased but will defend claims in the upcoming … Read more
July 18, 2024 at 05:17PM A judge has mostly dismissed a lawsuit by America’s financial watchdog against SolarWinds and its CISO for misleading investors about computer security practices and the backdooring of its Orion product after the SUNBURST attack. The judge ruled in favor of SolarWinds on post-SUNBURST claims but sustained the SEC’s securities fraud … Read more
July 1, 2024 at 03:19PM Prudential Financial disclosed a data breach to the SEC in February, initially stating that it minimally impacted residents. However, an updated notice revealed over 2.5 million individuals were compromised, far surpassing the original estimate of 36,000. Stolen information includes personal details, with legal proceedings already underway. Recovery efforts will include … Read more
June 28, 2024 at 09:18AM ICE faced a $10 million fine from the SEC for delaying reporting a VPN breach, violating compliance requirements. No clear reason for the delay was provided. The case highlights risks of bypassing compliance for quick response, showing cybersecurity’s broad business impact and insurance implications. Boards are urged to ask better … Read more
June 7, 2024 at 11:33AM SecurityWeek provides a weekly summary of cybersecurity developments, including the delay of SEC cyber disclosures, the exploitation of a TikTok zero-day vulnerability, a data breach impacting Shell through a third party, and the launch of an AI threat intelligence tool by OmniIndex. Other stories cover cyberattacks, leaked databases, mobile browser … Read more
May 29, 2024 at 06:36AM First American Financial Corporation disclosed a cyberattack compromising personal information of 44,000 individuals, impacting its subsidiaries. The company took systems offline for containment and later restoration. It informed SEC of the data breach and pledged to notify affected individuals, offer credit monitoring, and didn’t disclose the ransomware gang or payment … Read more
May 28, 2024 at 11:02AM Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, … Read more