DENVER BUSINESS JOURNAL - Yahoo’s massive data hack may become a U.S. Securities and Exchange Commission (SEC) test case for guidelines on cyber breach disclosure.
Senator Mark Warner (D-VA) asked the SEC last week to investigate whether senior executives at Yahoo (NASDAQ: YHOO) followed proper protocol in disclosing the attack, according to Reuters. In his letter, Warner observed that fewer than 100 of 9,000 public companies have disclosed a material data breach since 2010.
The SEC has never taken action against a business for failing to disclose a cybersecurity incident or threat, and it has brought just two enforcement actions against companies for insufficient data protection, an SEC spokesman said, per Reuters.
In 2011, the SEC told publicly traded companies to report hacking incidents that could have a “material adverse effect on the business.” Jacob Olcott, a former Senate Commerce Committee counsel, told Reuters that the SEC has “been looking for the right case to bring forward,” to help clarify that vague statement.