Rockefeller to Target: Why Haven't You Reported Data Breach to The Securities and Exchange Commission
Chairman continues push for better disclosure of cyber incidents
January 28, 2014
WASHINGTON, D.C.—Chairman John D. (Jay) Rockefeller IV today sent a letter to Target asking why the company has not yet reported its recent massive data breach to the Securities and Exchange Commission (SEC), as the Commission recommended in an October 2011 guidance. Rockefeller encouraged the SEC to issue this guidance, and is a strong supporter of giving investors more complete and timely information about cyber incidents such as the Target data breach.
“A data breach involving the theft of personal information about tens of millions of Target customers is clearly a material cyber attack that has affected how your business operates. I am therefore puzzled why your company has not yet updated its SEC filings to reflect this event. Your failure thus far to provide this information to your investors does not seem consistent with the spirit or the letter of the SEC’s financial disclosure rules,” Rockefeller wrote.
More recently, Rockefeller encouraged SEC Chairman Mary Jo White in April 2013 to issue Commission-level guidance to spur companies to take their cybersecurity efforts seriously. Chairman White recently asked SEC staff to review disclosure rules, saying, “I believe we should rethink not only the type of information we ask companies to disclose, but also how that information is presented, where and how that information is disclosed, and how we can take advantage of technology to facilitate investors’ access to information and make it more meaningful to them.”
Rockefeller and Senator Claire McCaskill (D-Mo.) asked Target on January 14, 2014 for the latest findings on the circumstances that permitted unauthorized access to the financial and personally identifying information of as many as 110 million Americans.
###