United States officials at the Securities and Exchange Commission and Department of Justice recently filed civil and criminal actions in the largest hacking and securities fraud scheme of its kind ever prosecuted. Defendants in the actions were charged with an international scheme to hack into three business newswires and steal press releases that were not yet published containing non-public financial information that was then used to make trades that allegedly generated millions of dollars in illegal profits.
The development is a clear signal to companies of the need to ensure that adequate internal controls are in place covering data transfer at all stages of the use-and-life cycle. A strong cybersecurity program is essential for companies to protect valuable and sensitive information and to avoid possible enforcement actions, fines, reputational harm, loss of business, and class action or other lawsuits brought for damages suffered by customers or clients. Read more about the implications of the case, other recent enforcement developments, and responding to data security breaches in our LawFlash: SEC and DOJ Hacking Prosecutions Highlight SEC’s Increased Interest in Cybersecurity Risks.