This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice (http://www2.deloitte.com/ca/en/legal/cookies.html) for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Recent SEC Settlement is Cautionary Tale for Canadian Public Issuers on Disclosure of Cyberincidents and Related Risks

  • Canada Image

May 15, 2018

On May 15, 2018, McCarthy Tetrault LLP published an article on how the Securities and Exchange Commission’s (SEC) first enforcement action against a public issuer for failure to make timely disclosure of cyberincidents may be a wake-up call for Canadian public issuers and their directors and officers.

On April 24, 2018, the SEC announced that Altaba Inc. had agreed to pay a USD$35 million penalty to settle disclosure charges relating to a December 2014 cyberincident. Altaba settled without admitting or denying any wrongdoing. Among other things, the SEC settlement noted:

  • Altaba failed to properly investigate the circumstances of the breach.
  • Altaba did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings.
  • Altaba did not include information regarding the breach in its quarterly or annual public filings in 2015 or 2016 even though it learned that cyberattack attempts by the same hackers continued.

Review the full article on McCarthy Tetrault's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.