Recent 10-Ks mentioning "cyber" incidents
Image credit: brixton
I’m on record as predicting greater disclosure by firms of actual hacking attempts (irrespective of materiality or “success”) in SEC-mandated disclosure filings.
Here’s an undoubtedly very incomplete list of recent such disclosures I put together last night. Many of these lack real details (they are what one colleague calls “non-disclosure disclosures”). Uncharacteristically, I take a somewhat less pessimistic view, and think things are moving in a positive direction. What we have is not what we will have, and it’s better than what we used to have (which was zero).
Anyway, here’s my little list.
Citi mentions DoS campaign, recent hacking attempts http://www.sec.gov/Archives/edgar/data/831001/000120677413000852/citigroup_10k.htm
Verisign notes actual attempts, previously disclosed 2011 incident http://www.sec.gov/Archives/edgar/data/1014473/000101447313000006/vrsn-20121231x10k.htm
MetLife notes actual attempts http://www.sec.gov/Archives/edgar/data/1099219/000119312513077792/d450627d10k.htm
Bank of Hawaii notes actual attempts, including DoS attack http://www.sec.gov/Archives/edgar/data/46195/000004619513000008/bankofhawaii10k12312012.htm
Amex notes increasingly sophisticated criminal methods aimed at obtaining cardholder information http://www.sec.gov/Archives/edgar/data/4962/000119312513070554/d486442d10k.htm
Travelers notes actual attempts http://www.sec.gov/Archives/edgar/data/86312/000104746913001211/a2212764z10-k.htm
NYT does the expected, acks state-sponsored cyber-attack in latest 10-K http://www.sec.gov/Archives/edgar/data/71691/000007169113000004/a2012form10-k.htm
Goldman Sachs acknowledges actual attempts http://www.sec.gov/Archives/edgar/data/886982/000119312513085474/d446679d10k.htm
CME group acknowledges some successful attacks http://www.sec.gov/Archives/edgar/data/1156375/000115637513000007/cme-2012123110k.htm
BONY Mellon acknowledges actual attempts http://www.sec.gov/Archives/edgar/data/1390777/000119312513084562/d448545dex131.htm
JP Morgan Chase acknowledges actual attacks http://www.sec.gov/Archives/edgar/data/19617/000001961713000221/corp10k2012.htm
Bank of America acknowledges actual attacks http://www.sec.gov/Archives/edgar/data/70858/000007085813000097/bac-12312012x10k.htm
Zions Bancorporation acknowledges attacks http://www.sec.gov/Archives/edgar/data/109380/000010938013000081/zion-20121231x10k.htm
Churchill Downs says it has been a hacking target http://www.sec.gov/Archives/edgar/data/20212/000002021213000007/chdn2012123110k.htm
SunTrust acknowledges actual incidents http://www.sec.gov/Archives/edgar/data/750556/000075055613000052/sti-123112x10k.htm
Priceline.com acknowledges actual incident http://www.sec.gov/Archives/edgar/data/1075531/000107553113000011/pcln-20121231_10k.htm
Yelp acknowledges attempts http://www.sec.gov/Archives/edgar/data/1345016/000120677413000790/yelp_10k.htm