On October 30, 2018 the New Jersey Attorney General entered into a Final Consent Judgment with ATA Consulting, doing business as Best Medical Transcription, and its owner, Tushar Mathur (collectively “Defendants”), resolving a 2016 security breach that resulted in the publication of personal health information of over 1,600 New Jersey residents. As a result of the Consent Judgment, Defendants were fined $200,000 and Mr. Mathur was permanently banned from managing or owning a business in New Jersey.
On October 16, 2018 the Securities and Exchange Commission (“SEC”) issued an investigative report following investigations of nine public issuers who were victims of cyber fraud.
On June 28, 2018 the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Sudhakar Reddy Bonthu, a former software development manager, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach.
On April 24, 2018 the Securities and Exchange Commission (“SEC”) announced a settlement with Altaba, Inc., formerly Yahoo! Inc., for misleading investors by failing to disclose a data breach in which Russian hackers stole data for hundreds of millions of Yahoo accounts. This settlement and penalty, the first by the SEC following a data breach, comes in the wake of recent SEC guidance on cybersecurity risks and disclosures.
Former Equifax Chief Information Officer Charged with Insider Trading Following Data Breach
On March 14, 2018, the Department of Justice (“DOJ”) and Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Jun Ying, the former Chief Information Officer of Equifax’s United States Information Systems, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach. These charges come in the wake of recent SEC guidance on ensuring corporate insiders do not trade in securities while in possession of material nonpublic information about cybersecurity incidents.