SEC Issues Specific Guidance on Determining Materiality for Cybersecurity Disclosures

U.S. SEC Issues Updated Guidance on Cybersecurity Disclosure Under Item 1.05 of Form 8-K

The new C&DIs address materiality determinations in instances where payments have been made to threat actors and remind companies that these decisions should take multiple factors into account. In brief, the C&DIs explain that:

—If a company experiencing a ransomware attack makes a payment that causes the cyber attack to end before a materiality determination is made, the company must still assess the materiality of the incident.

—If a company determines a ransomware attack is material and makes a payment that causes the attack to end before the company has reported the incident on Form 8-K, the company is not relieved of its requirement to report the incident.

—If a company’s cyber insurance policy covers the cost of a ransomware payment, this fact alone would not support a conclusion that the incident was immaterial.

—The amount demanded or paid in a ransomware payment should not be the sole factor in assessing the materiality of an incident.

—If a company experiences a series of ransomware attacks over time that are individually immaterial, it should consider whether any of those incidents were related, and if so, determine whether those related incidents, collectively, were material.

Man Convicted of Violent Home Invasion Robberies to Steal Cryptocurrency

A federal jury in Greensboro, North Carolina, convicted a Florida man today for his lead role in an international conspiracy to break into U.S. citizens’ homes, violently kidnap and assault them, and steal their Bitcoin and other cryptocurrency.

According to court documents and evidence presented at trial, Remy St Felix, 24, of West Palm Beach, was a leader of a robbery crew that targeted cryptocurrency owners through violent home invasions. Between September 2022 and July 2023, St Felix helped to plan and orchestrate a series of robberies in Durham, North Carolina; Florida; Texas; and New York. Victims from St Felix’s home invasions were kidnapped in their own homes and told to access and drain their cryptocurrency accounts.

Berkshire Was Too Cheap, Then Too Pricey

Market orders are famously risky, because occasionally prices surprise you. So 99.99% of the time, what happens is that you see Amalgamated Widgets stock trading at $20 per share, and you say “I would like some of that,” and you put in an order to buy 100 shares of Amalgamated Widgets at whatever the market price is, and by the time you press the button on your order and it runs through your broker’s systems and gets to the trading venue and gets filled, the price is, like, $20.01, or $20.02, or $19.98 or whatever, and you get your shares at a slightly different price from the one that you saw on the screen, and you say “ah that’s fine” or “oh well, slippage,” and you understand that pressing the buttons on your retail brokerage’s website is not an exact science but it’s good enough.

And then 0.01% of the time, what happens is that you see Berkshire Hathaway Inc. Class A shares trading at $185 per share, and you say “I would like some of that,” and you put in an order to buy 100 shares of BRK/A at whatever the market price is, and by the time the order gets filled, uh, 90 minutes later, the price is $741,971.39 per share, and you get a bill for $74 million instead of the $18,500 you expected….

Robinhood Wins as 11th Cir. Affirms ‘Meme Stock’ Suit Dismissal

Financial trading platform Robinhood Markets Inc. prevailed in a suit alleging it agreed to freeze trades of highly shorted GameStop stock options after the 11th Circuit affirmed a lower court’s dismissal of the case.

The US Court of Appeals for the 11th Circuit in a Wednesday opinion held that investor plaintiffs failed to plausibly allege an unreasonable restraint of trade because they didn’t allege harm to a relevant market.

The case hands a win to Robinhood, which has faced several legal challenges around the “short squeeze” in early 2021, when stocks rose sharply and distressed short positions.

SEC Targets AI Washing in Private Capital Markets: “Old School Fraud Using New School Buzzwords”

Until now, the SEC’s campaign against AI washing has targeted registered investment advisers, broker-dealers and public companies. For example, SEC Chair Gary Gensler declared in March 2024 that “AI washing, whether it’s by financial intermediaries such as investment advisers and broker dealers, or by companies raising money from the public, that AI washing may violate the securities laws.”

But the case against Raz demonstrates that the SEC is not limiting its scrutiny of AI representations to any particular market participants. Instead, the case makes clear that the SEC will scrutinize all AI-related claims made by any companies or firms, public or private, seeking to attract investors to raise capital. So while this matter may simply be —in the words of SEC Enforcement Director Gurbir Grewal—a case of “old school fraud using new school buzzwords,” the charges against Raz reinforce the importance of clear, accurate and comprehensive statements about the use of technology, automation, and artificial intelligence—not just for public companies, broker-dealers and investment advisers, but also for startups and smaller, private companies seeking to raise capital from sources other than the public markets.

Fictitious Law Firms Targeting Cryptocurrency Scam Victims Offering to Recover Funds

The Federal Bureau of Investigation (FBI) is issuing this announcement to inform the public of an emerging criminal tactic used to further defraud cryptocurrency scam victims. This PSA is an update to Alert Number I-081123-PSA, published on 08/11/2023, titled, “Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams.”

Using social media or other messaging platforms, fraudsters posing as lawyers representing fictitious law firms may contact scam victims and offer their services, claiming to have the authorization to investigate fund recovery cases. To validate the contact, the “lawyers” claim they are working with, or have received information on, the scam victim’s case from the FBI, Consumer Financial Protection Bureau (CFPB), or other government agency. In some instances, scam victims have contacted fraudsters on fake websites, which appear legitimate, hoping to recover their funds.