US Companies Keep Chinese Hacks A Secret

US companies hacked by Chinese didn’t tell investors (Bloomberg, 21 May 2014) – Three U.S. public companies identified as Chinese hacking victims didn’t report the theft of trade secrets and other data to investors, despite rules designed to disclose significant events. Two of the companies—aluminum maker Alcoa Inc. (AA) and metals supplier Allegheny Technologies Inc. (ATI)—said the thefts weren’t “material” to their businesses and therefore don’t have to be disclosed under Securities and Exchange Commission rules designed to give investors information that may affect share prices. “The question is would an investor have cared if Chinese hackers broke into a company and were messing around the place?” Jacob Olcott, a principal focusing on cybersecurity at Good Harbor Security Risk Management LLC in Washington, said in a phone interview. “As an investor, show me the evidence that you reviewed this thoroughly.” Scott Kimpel, a lawyer who previously worked on disclosure rules as a member of the SEC’s executive staff, said there is “a gray area where a lot of the companies are not perfectly clear on what they should be disclosing.” [ Polley : In early 2011 at least one oilfield company also decided that a cyberattack wasn’t “material” – see Exxon, Shell, BP Said to Have Been Hacked Through Chinese Internet Servers in Mirln 14.03 ]

Provided by MIRLN.

Image courtesy of