Recent SEC Settlement is Cautionary Tale for Canadian Public Issuers on Disclosure of Cyberincidents and Related Risks

  • Canada Image

May 15, 2018

On May 15, 2018, McCarthy Tetrault LLP published an article on how the Securities and Exchange Commission’s (SEC) first enforcement action against a public issuer for failure to make timely disclosure of cyberincidents may be a wake-up call for Canadian public issuers and their directors and officers.

On April 24, 2018, the SEC announced that Altaba Inc. had agreed to pay a USD$35 million penalty to settle disclosure charges relating to a December 2014 cyberincident. Altaba settled without admitting or denying any wrongdoing. Among other things, the SEC settlement noted:

  • Altaba failed to properly investigate the circumstances of the breach.
  • Altaba did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings.
  • Altaba did not include information regarding the breach in its quarterly or annual public filings in 2015 or 2016 even though it learned that cyberattack attempts by the same hackers continued.

Review the full article on McCarthy Tetrault's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.