The U.S. Securities and Exchange Commission and Altaba Inc., (formerly known as Yahoo! Inc), came to a $35 million settlement over the company's alleged failure to disclose a massive data breach that was discovered in 2014 but, according to the commission, was not reported to investors until 2016.

Attorneys who work on cybersecurity matters believe this action will be far from the last of its kind—and that the SEC will continue to pursue publicly traded companies that it believes are not keeping investors informed enough.

Ed McAndrew, partner at Ballard Spahr, said that attorneys should be more careful in how they speak about cybersecurity. What got Yahoo in trouble, he said, is that the company wrote in its quarterly and annual filings "we may be at risk for future data breaches."

"That language is going to be problematic where there is any type of significant data breach," McAndrew said. "In-house lawyers are going to have to be much more careful that they are not misrepresenting, by omission, cyber incident history."

Read the full article here. Subscription may be required.


Related Practice