New S.E.C. focus on cyber attacks and stolen data –tips on breaches flow from whistleblowers

Yahoo’s disclosure that it was hacked in 2014 and user data of at least 500 million of accounts has yielded a possible investigation as to whether Yahoo and its senior execs properly disclosed the attack and did so in a timely fashion. The general increase in cyber attacks and stolen data and the need for increased security and timely reporting has the attention of the Securities and Exchange Commission (S.E.C.) and also of the inside whistleblowers who learn of the lost accounts and where companies are slow to disclose.

The S.E.C. whistleblower program is one of the more successful of its kind. Since the start of the SEC’s whistleblower program, the SEC has received more than 14,000 tips from whistleblowers in the United States and in 95 foreign countries, and has awarded an estimated $111 million to 34 whistleblowers. In 2016 alone, the SEC awarded over $50,500,000 to whistleblowers.  Just recently, on September 20, 2016, the SEC announced that it awarded $4 million to a whistleblower who provided original information that alerted the SEC to an alleged fraud.

The Yahoo incursion is expected to become a seminal test case for the S.E.C.. IN 2011, the agency told publicly traded companies to report hacking incidents that could have a material adverse affect on the business. In a Sept 9 S.E.C. filing Yahoo said it did not know of any incidents of or third party claims alleging unauthorized access of customers personal data that could have a material adverse affect on Verizon Communication Inc. planned $4.8 billion acquisition of Yahoo’s core business.

The S.E.C. whistleblower program is expected to yield significant tips on syberattachs not previously disclosed by publicly traded companies and the program would allow a whistleblower to collect up to 30 percent of what the government recovers from the companies in penaltes. In August 2016, the SEC awarded $22.4 million to a company insider, who disclosed alleged accounting fraud at the insider’s company.  In June 2016, the SEC awarded more than $17 million to a former employee, whose detailed tip of key original information advanced the SEC’s investigation into the whistleblower’s former employer.  In May 2016, the SEC awarded a former employee over $5 million for detailed tips that helped the SEC uncover securities violations. In May 2016, the SEC again awarded $3.5 million to a company employee, who provided additional evidence of wrongdoing that strengthened an ongoing investigation of the SEC.  In March 2016, the SEC awarded each of three whistleblowers for coming forward with information, for a total award of $2 million.

Jeffrey Newman represents whistleblowers