Thomas A. Sporkin quoted in a Law360 article, “SEC's $35M Yahoo fine lacks bite without targeting execs”
Law360Thomas A. Sporkin
Thomas A. Sporkin was quoted on April 25, 2018 in a Law360 article, “SEC's $35M Yahoo fine lacks bite without targeting execs,” which discussed the SEC’s fining of Altaba Inc. — formerly known as Yahoo — for failing to disclose a data breach that occurred in 2014. The article stated, “The U.S. Securities and Exchange Commission on Tuesday announced the penalty against Yahoo, once a leading internet media company, saying the fine was the first issued by the agency in a case that alleged investors were misled by a company’s failure to disclose a cyberattack. The SEC said Yahoo waited until September of 2016 to disclose the information despite learning of the attack shortly after it happened in December 2014. In February, the SEC’s two Democratic commissioners criticized new guidance issued by the agency to public companies on how they should disclose their cybersecurity risks, saying much of what the commission was telling public companies was already contained in 2011 SEC guidance. Both commissioners said public companies need to be more up front with their investors about the risks they are facing, especially as the threat and cost of cyber incidents are predicted to continue rising in years to come.”
Sporkin added, “Public companies have been ‘on notice’ since that 2011 guidance was issued and companies are required to report both actual data breaches and inherent risks that could result in such incidents. Companies also need to distinguish actual breaches from cybersecurity risks in their filings. Here, given that this was an actual breach — and the largest in history — and that it wasn’t disclosed for two years, the penalty seems appropriate.”
Click here to read the full article. Subscription required.