logo
Share

Homepage

News

R.R. Donnelley and Sons given a $2.1m charge amid data security concerns

R.R. Donnelley and Sons given a $2.1m charge amid data security concerns

24 tháng 6 2024

R.R. Donnelley & Sons Company (RRD) has been at the center of a data security case, a matter of significant regulatory concern, brought forward by the Securities and Exchange Commission (SEC).

The marketing and communications service provider has been charged with internal control failure in relation to a series of 2021 cybersecurity incidents. The investigation was led by Arsen Ablaev of the SEC Crypto Assets and Cyber Unit and Christine S. Bautista of the SEC Chicago Regional Office, underscoring the seriousness of the case.

RR Donnelley_1

R.R. Donnelley & Sons in cybersecurity case

R.R. Donnelley’s business is centered around digital standards and cybersecurity. The company has a broad portfolio of public and private sector clients across healthcare, education, legal services, and retail.

So, it would be assumed that a leading name could safeguard sensitive data, but the SEC investigation found the company lacking in many departments. The SEC order found that the company and the third-party contractors hired to build solutions did not have effective disclosure controls and procedures to report relevant cybersecurity information.

As a result, stakeholders and decision-makers at RRD were left unable to make informed decisions on security concerns and breaches in a “timely manner”, highlighting the real-world implications of the company’s data security shortcomings.

“RRD’s controls for elevating cybersecurity incidents to its management and protecting company assets from cyberattacks were insufficient,” said Jorge G. Tenreiro, Acting Chief of the Crypto Assets and Cyber Unit. “RRD did, however, cooperate with our investigation in a meaningful way, which is reflected in the terms of this settlement.”

RRD cooperates with the SEC

The company received positive feedback for being transparent during the investigation. The SEC report stated that RRD “cooperated throughout the investigation, including by reporting the cybersecurity incident to staff prior to filing a disclosure of the incident, by providing meaningful cooperation that helped expedite the staff’s investigation, and by voluntarily adopting new cybersecurity technology and controls.”

However, RRD was found guilty of breaching Section 13(b)(2)(B) of the Securities Exchange Act (SEA) of 1934 and Exchange Act Rule 13a-15a.

The company did not oppose the SEC’s findings and agreed to pay a civil penalty of $2,125,000. RRD has also stated that it will no longer be in breach of the SEA and hopes to rectify these shortcomings.

msn

Infofinance.com disclaimer:

All information on our website is for general reference only, investors need to consider and take responsibility for all their investment actions. Info Finance is not responsible for any actions of investors.
logo
InfoFinance do not provide investment advice. Please note that by investing in and/or trading financial instruments, commodities and any other assets, you are taking a high degree of risk and you can lose all your deposited money. You should engage in any such activity only if you are fully aware of the relevant risks
🏠 Contact address

1 Street 10, Thao Dien Ward, District 2, Ho Chi Minh City

🤝 Contact for cooperation
📞 Hotline