Securities and Exchange Commission guidelines on when companies should disclose cyber-attacks have become de facto rules for at least six companies, including Google Inc. and Amazon.com Inc., agency letters show.
The six companies were asked to break silence and tell investors in future filings that intruders had breached their computer systems, according to the SEC letters. Companies such as Amazon argued that the attacks weren't important enough to reveal. Hacking admissions can hurt reputations, give competitors useful information and trigger investor litigation.
Before the requests, Seattle-based Amazon, the largest Internet retailer, hadn't said in its reports that cyber-thieves had raided its Zappos.com unit, stealing addresses and some credit card digits from 24 million customers in January. In April, Amazon was asked by the SEC to disclose the cyber-raid in its next quarterly filing, which it did.
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
- Exclusive discounts on ALM and Treasury & Risk events.
- Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.
*May exclude premium content
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
