The SEC Says Speak Up About Hack Attacks

Amazon, Google, and others are told to report security breaches
Photo illustration by Caroline Purser/Getty Images

It’s getting tougher for some companies to keep quiet about cyberattacks. Securities and Exchange Commission guidelines on when cyberattacks should be disclosed have become de facto rules for at least six companies, including Google and, agency letters show. The six were asked to tell investors in future filings that intruders had breached their computer systems, according to the SEC letters sent in March, April, and May. Hacking admissions can hurt reputations, give competitors useful information, and trigger investor litigation.

To continue reading this article you must be a Bloomberg Professional Service Subscriber.