Recent 10-Ks mentioning "cyber" incidents

Image credit: brixton

I’m on record as predicting greater disclosure by firms of actual hacking attempts (irrespective of materiality or “success”) in SEC-mandated disclosure filings.

Here’s an undoubtedly very incomplete list of recent such disclosures I put together last night. Many of these lack real details (they are what one colleague calls “non-disclosure disclosures”). Uncharacteristically, I take a somewhat less pessimistic view, and think things are moving in a positive direction. What we have is not what we will have, and it’s better than what we used to have (which was zero).

Anyway, here’s my little list.

Citi mentions DoS campaign, recent hacking attempts http://www.sec.gov/Archives/edgar/data/831001/000120677413000852/citigroup_10k.htm

Verisign notes actual attempts, previously disclosed 2011 incident http://www.sec.gov/Archives/edgar/data/1014473/000101447313000006/vrsn-20121231x10k.htm

MetLife notes actual attempts http://www.sec.gov/Archives/edgar/data/1099219/000119312513077792/d450627d10k.htm

Bank of Hawaii notes actual attempts, including DoS attack http://www.sec.gov/Archives/edgar/data/46195/000004619513000008/bankofhawaii10k12312012.htm

Amex notes increasingly sophisticated criminal methods aimed at obtaining cardholder information http://www.sec.gov/Archives/edgar/data/4962/000119312513070554/d486442d10k.htm

Travelers notes actual attempts http://www.sec.gov/Archives/edgar/data/86312/000104746913001211/a2212764z10-k.htm

NYT does the expected, acks state-sponsored cyber-attack in latest 10-K http://www.sec.gov/Archives/edgar/data/71691/000007169113000004/a2012form10-k.htm

Goldman Sachs acknowledges actual attempts http://www.sec.gov/Archives/edgar/data/886982/000119312513085474/d446679d10k.htm

CME group acknowledges some successful attacks http://www.sec.gov/Archives/edgar/data/1156375/000115637513000007/cme-2012123110k.htm

BONY Mellon acknowledges actual attempts http://www.sec.gov/Archives/edgar/data/1390777/000119312513084562/d448545dex131.htm

JP Morgan Chase acknowledges actual attacks http://www.sec.gov/Archives/edgar/data/19617/000001961713000221/corp10k2012.htm

Bank of America acknowledges actual attacks http://www.sec.gov/Archives/edgar/data/70858/000007085813000097/bac-12312012x10k.htm

Zions Bancorporation acknowledges attacks http://www.sec.gov/Archives/edgar/data/109380/000010938013000081/zion-20121231x10k.htm

Churchill Downs says it has been a hacking target http://www.sec.gov/Archives/edgar/data/20212/000002021213000007/chdn2012123110k.htm

SunTrust acknowledges actual incidents http://www.sec.gov/Archives/edgar/data/750556/000075055613000052/sti-123112x10k.htm

Priceline.com acknowledges actual incident http://www.sec.gov/Archives/edgar/data/1075531/000107553113000011/pcln-20121231_10k.htm

Yelp acknowledges attempts http://www.sec.gov/Archives/edgar/data/1345016/000120677413000790/yelp_10k.htm

A sophisticated machine learning algorithm selects these as possible accompaniments: