The SEC Says Speak Up About Hack Attacks

(Clarifies that a security breach at Quest Diagnostics potentially exposed employees' personal information, not patients'.)

It’s getting tougher for some companies to keep quiet about cyberattacks. Securities and Exchange Commission guidelines on when cyberattacks should be disclosed have become de facto rules for at least six companies, including Google (GOOG) and Amazon.com (AMZN), agency letters show. The six were asked to tell investors in future filings that intruders had breached their computer systems, according to the SEC letters sent in March, April, and May. Hacking admissions can hurt reputations, give competitors useful information, and trigger investor litigation.

In January, cyberthieves raided Amazon’s Zappos.com unit, stealing addresses and some credit-card digits from 24 million customers. Amazon initially resisted mentioning the attack in its regulatory filings, even though it had told customers about it, saying Zappos didn’t contribute material revenue to the company. When the SEC persisted, Amazon replied that “we continue to believe that the cyberattack experienced by Zappos is not covered” by the SEC’s guidance on the subject. “However, in light of the staff’s comment, we will revise our disclosure.” Craig Berman, an Amazon spokesman, declined to comment.

Google agreed in May to mention its previously disclosed cyberassault—China-based hackers raided the company’s network—in an earnings report. “We comply with all applicable disclosure rules and regulations,” says Jim Prosser, a Google spokesman. The SEC also prodded American International Group (AIG), Hartford Financial Services Group (HIG), Eastman Chemical (EMN), and Quest Diagnostics (DGX)—all of which have suffered breaches—to improve disclosures, according to letters available on the regulator’s website. “Following a request from the Securities & Exchange Commission, Eastman has enhanced its disclosure reporting regarding cyberthreats and attacks,” says spokesman Brad Belote. Spokesmen for AIG, Hartford, and Quest declined to comment.

The SEC instituted a voluntary disclosure plan in an October advisory. This year the agency has sent companies dozens of letters asking about cybersecurity disclosures and later pushing them to disclose attacks, according to spokesman John Nester. He declined to say how many companies were told to disclose attacks, as the letters aren’t all public yet. “It’s not a rule, but the SEC, by taking a policy position, can effectively create a rule,” says Peter Henning, a former SEC lawyer who teaches at Wayne State University in Detroit. “It lets companies know what it would like to happen.”

The SEC doesn’t have the authority to order companies to spend money on security controls. What it can do is make them report cyber-risks so potential investors are aware of the problems. Under securities law, companies must disclose “material” information, meaning data that might influence investors’ decisions.

Companies may have business reasons for disliking such disclosures, says Michael Perino, a securities law professor at St. John’s University in New York. “If you’re constantly having to disclose actual or potential cyberattacks against the company, that gives information to competitors, to everybody, about the vulnerabilities of the company,” he says.

The SEC can force disclosure without making rules because companies need to stay on good terms with the regulator, which reviews their financial filings and can “make things difficult,” Henning says. Resisting a letter from the agency can be costly, amounting to $250,000 in legal fees, according to Henning. “If it’s complex, your lawyers write drafts in response, you have conference calls with them,” he says. “The SEC knows that’s their power. If you want to litigate with them, it costs millions.”

The bottom line: To keep investors informed about potential risks to a business, the SEC wants companies to report cyberattacks.

View the original article here

Boehner Signs On to Payroll Tax Deal Amid Isolation, Attacks

December 26, 2011, 3:15 AM EST By Steven Sloan and Laura Litvan

Dec. 23 (Bloomberg) -- Deserted by many of his fellow Republicans, U.S. House Speaker John Boehner surrendered to attacks from President Barack Obama and congressional Democrats and agreed to a two-month extension of a payroll tax cut that he derided hours earlier.

The decision kicks the fight over extending the tax cut for 160 million U.S. workers into early next year without resolving deep divides over how to cover the cost through 2012.

Democrats are focused on imposing a new tax on income exceeding $1 million while Republicans want to cut the federal work force and freeze pay for government workers. Republicans also want to attach policies to a payroll tax cut extension -- opposed by Democrats -- such as a rewrite of the unemployment system or weaker rules for industrial emissions.

The deal that Boehner and Senate Majority Leader Harry Reid, a Nevada Democrat, agreed to yesterday includes language that calls on Obama to accelerate approval of the Keystone XL Canadian oil pipeline. Both chambers plan to pass the tax cut deal today by unanimous consent, which means most lawmakers won’t have to return to Washington over the holiday recess.

Boehner could be in a weaker position entering the 2012 negotiations after presiding over the tumult of recent days, in which Senate Republicans opposed Boehner’s stance and some House Republicans had begun to defect as well. The talks next year will unfold in the months ahead of a presidential election, making Boehner’s task more difficult.

No Time for Celebration

“I don’t think it’s a time for celebration,” the Ohio Republican told reporters yesterday. “Our economy is struggling. We’ve got a lot of work ahead of us in the coming year.”

After days of relentless attacks from Democrats and negative headlines in the press, some Republicans were pleased to see Boehner cut his losses.

“The great danger would have been if we continued,” said Representative Tom Cole of Oklahoma. “We made our points. We’ve gotten some modifications.”

The pressure for Boehner to cut a deal was building for days. Republican Senators Olympia Snowe of Maine, Scott Brown of Massachusetts, John McCain of Arizona and Bob Corker of Tennessee, criticized Boehner’s move to reject the bipartisan two-month extension after it passed the Senate on Dec. 17, just two weeks before the tax cut was set to expire.

Isolation in Opposition

Boehner became more isolated in his opposition to the Senate-passed bipartisan bill after the top Republican in the Senate, Mitch McConnell of Kentucky, issued a statement before lunchtime yesterday urging the House to pass the short-term measure.

McConnell said the House should pass a bill that averts “any disruption in the payroll tax holiday or other expiring provisions and allows Congress to work on a solution for the longer extensions.”

That statement “sealed the deal” in ending the standoff, said Brian Gardner, the senior vice president for Washington research at KBW Inc.

Boehner held a conference call with Republicans yesterday. On a similar conference call following the Dec. 17 Senate passage of the two-month extension, rank-and-file Republicans pressed Boehner to oppose the measure. They did so on Dec. 20 as the House rejected the Senate bill 229-193.

Different Tone

House Republicans who participated in yesterday’s call said the tone was much different than after the Senate vote.

“It wasn’t truly a conference call,” Representative Jack Kingston, a Georgia Republican, said. “It wasn’t a solicitation of opinion.”

Though most House Republicans still want a yearlong deal, Kingston said that it was time for the party to move forward.

“This takes the whole thing off the front page and that’s a good thing,” he said.

Some House Republicans said yesterday they don’t think Boehner’s agreement to pass the two-month extension puts him in immediate danger of losing the support of the Republican majority he leads.

Representative Sean Duffy, a freshman Republican from Wisconsin, said Boehner was trying to reflect the views of his colleagues. Duffy said he is pleased that a tax increase will be avoided in January and doesn’t think the saga would hurt Republicans in the 2012 election.

“I think the American public will look at the economy and job growth and the lack thereof,” Duffy said. “I don’t think this is an indicator of what will happen next year.

Provisions Extended

Without congressional action, the payroll tax for employees would rise in January to 6.2 percent from the current 4.2 percent. The tax funds Social Security. The deal also averts an end to emergency unemployment benefits set to expire on Dec. 31 and assures doctors their Medicare reimbursement rates won’t be reduced starting in January.

Michael Feroli, JPMorgan Chase & Co.’s New York-based chief U.S. economist, said economic growth would be reduced by 0.5 percentage points in the first quarter and 1.5 percentage points in the second quarter of 2012 if the payroll tax cut and expanded unemployment benefits weren’t continued. If they are extended for the year, he expects growth of 2.5 percent in the first half of the year, he said in a Dec. 16 note to clients.

House Ways and Means Committee Chairman Dave Camp, a Michigan Republican, will introduce the legislation in the House today that will implement the agreement.

Unanimous Consent

The measure will be brought up in the House under unanimous consent to avoid requiring lawmakers to return and could be cleared in the Senate later in the day using the same process.

The legislation includes one difference from the version passed by the Senate. A yearlong payroll tax cut extension would apply to the first $110,100 in wages. To prevent someone from shifting all their income into the first two months of the year, the Senate bill limited the tax break to the first $18,350 a worker earns.

Republicans changed the bill to apply the tax cut to the full $110,100 in wages, according to information provided by Camp’s office. That makes it easier for payroll processors to continue the tax cut if it is extended beyond February.

Workers who earn more than $18,350 during the first two months of the year will pay an additional 2 percentage point tax when they file their returns in 2013.

The bill is HR 3630.

--Editors: Jodi Schneider, Jim Rubin.

To contact the reporters on this story: Laura Litvan in Washington at llitvan@bloomberg.net; Steven Sloan in Washington at ssloan7@bloomberg.net

To contact the editor responsible for this story: Mark Silva at msilva34@bloomberg.net

View the original article here