On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement demonstrates that companies in post-data breach environments must engage in a thorough, fulsome analysis of whether to disclose the cybersecurity incident in their public filings. In conducting this analysis, companies face a difficult choice: disclose and face public and investor backlash, or decline to disclose and potentially face later regulatory scrutiny and/or class action stockholders’ litigation.
Please see full publication below for more information.