[ISN] SEC Push May Yield New Disclosures of Cyber Attacks on Companies

From: InfoSec News <alerts_at_private>
Date: Tue, 10 Jan 2012 01:48:56 -0600 (CST)

By Michael Riley
Jan 9, 2012

China-based hackers rifled the computers of DuPont Co. (DD) at least 
twice in 2009 and 2010, hunting the technological secrets that made the 
company one of the world’s most successful chemical makers.

It’s not something investors would have learned from DuPont’s regulatory 
filings, or from those of other companies victimized by hackers. The 
10-K’s DuPont submitted to the U.S. Securities and Exchange Commission 
over the period don’t identify hacking as even a significant risk, much 
less reveal what two U.S. intelligence officials later said was a 
successful case of industrial espionage.

Over the next three months, as publicly traded companies file 10-K’s, 
investors may see new admissions of corporate networks being hacked 
after the SEC said companies can’t continue to hold back the details of 
those incidents.

As cyberspies from China, Russia and other countries ransack the 
computer networks of one major U.S. and European firm after the next, 
the SEC in October offered its new interpretation of disclosure 
requirements as applied to cybercrime. The amount of information that’s 
forthcoming will depend on whether company lawyers determine the 
incidents had, or will have, a material effect on the enterprise.


Did a friend send you this article? Make it your
New Year's Resolution to subscribe to InfoSec News!
Received on Mon Jan 09 2012 - 23:48:56 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 09 2012 - 23:54:31 PST