The SEC Imposed its First Data-Breach Related Disclosure Penalty

On the heels of the Securities and Exchange Commission (SEC) February 20, 2018 guidance on cybersecurity-related disclosures, the SEC imposed its first data breach related enforcement penalty. It should come as no surprise that the SEC’s first penalty was levied against Yahoo arising from its massive 2014 data breach. The $35 million penalty was, as the SEC stated in its April 24 press release, intended “to settle charges that [Yahoo] misled investors by failing to disclose one of the world’s largest data breaches… Continue Reading