Cybersecurity Whistleblowers – Another Thing to Consider Following a Breach. Exposing Misconduct.

Cybersecurity Whistleblowers – Another Thing to Consider Following a Breach

January 17, 2018

Companies that experience a cyber breach face several immediate and difficult challenges: quickly getting a handle on the scope of the breach, making sure that the intruder is out of their system, remediating any vulnerability, assessing what data was accessed (if any), deciding whether to reach out to law enforcement, determining whether any mandatory notification obligations have been triggered, and weighing whether to make any voluntary notification to regulators, customers, investors, etc.  One thing companies should consider adding to that list is potential whistleblowers.

The Sarbanes-Oxley Act (“SOX”), 18 U.S.C. § 1514A, protects whistleblowers when they disclose information they reasonably believe to relate to alleged mail, wire, bank, or securities fraud, or violations of SEC rules and regulations.  When a publicly-traded company experiences a major cyber event, but delays notification (as has been alleged against Equifax), a whistleblower could alert the SEC to that fact in an effort to claim a reward under the SEC’s whistleblower program.

Read more here.
The materials on this website are for general information purposes only and should not be construed as legal advice, legal opinion or any other advice on any specific facts or circumstances. Readers should not act or refrain from acting upon this information without seeking professional advice. Transmission of information on or by use of this website is not intended to create, and receipt does not constitute, a lawyer-client relationship between the sender and receiver.
Mobile Menu