Prudential Data Breach Victim Count Soars to 2.5M

July 1, 2024 at 03:19PM Prudential Financial disclosed a data breach to the SEC in February, initially stating that it minimally impacted residents. However, an updated notice revealed over 2.5 million individuals were compromised, far surpassing the original estimate of 36,000. Stolen information includes personal details, with legal proceedings already underway. Recovery efforts will include …

Don’t Forget to Report a Breach: A Cautionary Tale

June 28, 2024 at 09:18AM ICE faced a $10 million fine from the SEC for delaying reporting a VPN breach, violating compliance requirements. No clear reason for the delay was provided. The case highlights risks of bypassing compliance for quick response, showing cybersecurity’s broad business impact and insurance implications. Boards are urged to ask better …

In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis

June 7, 2024 at 11:33AM SecurityWeek provides a weekly summary of cybersecurity developments, including the delay of SEC cyber disclosures, the exploitation of a TikTok zero-day vulnerability, a data breach impacting Shell through a third party, and the launch of an AI threat intelligence tool by OmniIndex. Other stories cover cyberattacks, leaked databases, mobile browser …

Personal Information of 44,000 Compromised in First American Cyberattack

May 29, 2024 at 06:36AM First American Financial Corporation disclosed a cyberattack that compromised the personal information of 44,000 individuals and impacted its subsidiaries. The company took systems offline for containment and later restored them. It informed the SEC of the data breach and pledged to notify affected individuals and offer credit monitoring, but didn’t disclose the ransomware gang or payment …

The SEC’s New Take on Cybersecurity Risk Management

May 28, 2024 at 11:02AM Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, …

The SEC’s SolarWinds Case: What CISOs Should Do Now

May 24, 2024 at 09:59AM In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving …

NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack

May 23, 2024 at 07:22AM Intercontinental Exchange (ICE) will pay a $10 million fine to settle SEC charges related to a 2021 hacker attack on its VPN, used for remote access to its network. Despite the intrusion being limited to the VPN, ICE’s delay in informing NYSE and eight subsidiaries displeased the SEC, resulting in the fine. …

Intercontinental Exchange to pay $10M SEC penalty over VPN breach

May 22, 2024 at 01:23PM The Intercontinental Exchange (ICE) has agreed to pay a $10 million penalty to settle charges by the SEC for failing to promptly report a 2021 VPN security breach. ICE, a Fortune 500 company, owns global financial exchanges and employs over 13,000 people. The breach, caused by suspected state hackers, exposed …

SEC Adds New Incident Response Rules for Financial Sector

May 17, 2024 at 02:16PM The SEC will implement new data-breach reporting regulations for financial firms, aiming to modernize consumer data protection rules. The amendments require institutions to address technology risks, develop incident response programs, and notify affected individuals of any breaches. SEC Chair Gary Gensler notes the significant changes in data breaches over the …

SEC: Financial orgs have 30 days to send data breach notifications

May 17, 2024 at 01:29PM The SEC has adopted amendments to Regulation S-P requiring certain financial institutions to notify individuals of data breaches within 30 days. The changes encompass breach notification, security policies, safeguard expansion, and compliance documentation. The modifications aim to update the rule, originally established in 2000, to better protect customer financial data. …