DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

SEC Charges R.R. Donnelley for Ransomware Attack Response

Posted on June 25, 2024 by Dissent

Hunton Andrews Kurth writes:

On June 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with R.R. Donnelley & Sons Co. (“RRD”), a global provider of business communication and marketing services, for violating the internal controls and disclosure controls provisions of federal securities laws in relation to Donnelley’s response to a 2021 ransomware attack. The settlement requires RRD to pay a civil monetary penalty of $2.125 million and cease and desist from further violations of Section 13(b)(2)(B) of the Securities Exchange Act of 1934 and Exchange Act Rule 13a-15(a).

During the relevant period of time, RRD was a publicly traded company subject to the SEC’s disclosure and periodic reporting requirements. According to the SEC’s order, RRD’s cybersecurity intrusion detection systems issued a high volume of complex alerts each month. RRD’s third-party managed security services provider (the “SSP”) did an initial review of the alerts and escalated certain of them to RRD, but the SEC’s order alleged that RDD did not reasonably manage the SSP’s allocation of resources or maintain sufficient audit and oversight procedures with respect to the SSP. These issues came to a head when RRD experienced a ransomware attack in late 2021. Starting November 29, 2021, the SEC alleged that RRD’s internal intrusion detection systems began issuing alerts about certain malware in the RRD network, which were visible to both RRD’s and the SSP’s security personnel. According to the order, the SSP escalated three of alerts to RRD’s internal security personnel, noting: (1) the indications that similar activity was taking place on multiple computers; (2) connections to a broad phishing campaign; and (3) open-source intelligence that the malware was capable of facilitating remote execution of arbitrary code

Read more at Privacy & Information Security Law Blog.

Category: MalwareOf NoteU.S.

Post navigation

← Cyber Attack on Synnovis Pathology Lab Traced to Longstanding Known Weaknesses at London Hospitals
If the insider threat is at your vendor, could you discover it quickly? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.