According to a Bloomberg report, three public companies in the US who were named as victims of economic hacking by Chinese military officers have failed to inform a security breach of their trade secrets and other confidential data. As per US Securities and Exchange Commission rules, US public companies are required to inform significant events that could affect share prices.
Two of the companies, Alcoa Inc and Allegheny Technologies, have said that the thefts done by the Chinese officers were not material enough to warrant an investor disclosure under SEC rules.
Principal Jacob Olcott focusing on cybersecurity at Good Harbor Security Risk Management LLC in Washington said about the companies' disclosure failure, "The question is would an investor have cared if Chinese hackers broke into a company and were messing around the place?. As an investor, show me the evidence that you reviewed this thoroughly."
On May 19, the US Justice Department had unveiled an indictment claiming that five Chinese military officials were involved in a conspiracy to acquire trade secrets and other information from US nuclear power, metals and solar industries to give a leg up to competitors in the mainland. Attorney General Eric Holder has dubbed the loss as significant.
On the other hand, the indictment opened debate on how to sharpen disclosure rules as retailers and banks had reacted slowly with their release of information to the public about cyber-attack incidents that involved customer data.
Hunton & Williams LLP partner Scott Kimpel, who once worked on disclosure rules as a member of SEC's executive staff, posits this concern to Bloomberg, "(There is) a gray area where a lot of the companies are not perfectly clear on what they should be disclosing. What it would take is an enforcement action against someone prominent Until then you are going to continue to see the same approach taken by companies and the commission."