Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home News

R.R. Donnelley Settles $2.1M SEC Charges

July 19, 2024
Reading Time: 3 mins read
in News
R.R. Donnelley Settles $2.1M SEC Charges

On July 18, 2024, the U.S. Securities and Exchange Commission (SEC) announced a settlement with R.R. Donnelley & Sons Company (RRD) for over $2.1 million. The settlement resolves allegations of inadequate cybersecurity practices related to a significant data breach that occurred in late 2021. According to the SEC, RRD’s failure to maintain effective controls for elevating cybersecurity incidents to management and protecting company assets contributed to the breach’s impact. The company’s oversight lapses, particularly in its management of security alerts from its third-party security services provider, were central to the SEC’s enforcement action.

The breach, which was initially detected on November 29, 2021, involved RRD’s third-party managed security services provider (MSSP) escalating three security alerts to RRD’s internal security team. However, RRD’s response was deemed insufficient, as the company did not address these alerts promptly or conduct a timely investigation into suspicious activities. The SEC also noted that the MSSP had reviewed but did not escalate an additional 20 alerts, further exacerbating the situation.

It was not until December 23, 2021, that RRD actively responded to the cyberattack, following a warning from a company sharing access to its network. The investigation revealed that attackers had installed encryption software on RRD’s computers and exfiltrated 70 gigabytes of data from 29 of its 22,000 clients. The compromised data included sensitive personal and financial information, leading to public disclosures about the incident starting December 27, 2021.

The SEC’s order accused RRD of violating Section 13(b)(2)(B) of the Securities Exchange Act of 1934 and Exchange Act Rule 13a-15(a), focusing on two key failures: inadequate disclosure controls and insufficient internal controls. As part of the settlement, RRD agreed to pay a $2,125,000 civil penalty and implement enhanced cybersecurity measures. Although RRD did not admit or deny the SEC’s findings, the company committed to adopting new technologies and controls to prevent future incidents. This settlement underscores the critical importance of robust and transparent cybersecurity practices in the face of increasing regulatory scrutiny.

Reference:

  • R.R. Donnelley Agrees to $2.1 Million Settlement Over 2021 Cyberattack
Tags: Cyber NewsCyber News 2024Cyber threatsCybersecurityJuly 2024R.R. DonnelleySECSecurities and Exchange CommissionUSA
ADVERTISEMENT

Related Posts

DoJ Seizes $2.8M from Zeppelin Hack

Microsoft Teams Boosts Security

August 18, 2025
DoJ Seizes $2.8M from Zeppelin Hack

DoJ Seizes $2.8M from Zeppelin Hack

August 18, 2025
DoJ Seizes $2.8M from Zeppelin Hack

OpenAI Prepares AI Browser Challenge

August 18, 2025
Charon Ransomware Hits Middle East

ShinyHunters, Spider Join Forces

August 15, 2025
Charon Ransomware Hits Middle East

US Updates Sanctions on Garantex

August 15, 2025
Charon Ransomware Hits Middle East

Stolen Police Emails Sold for $40

August 15, 2025

Latest Alerts

Plex Urges Users to Patch Fast

Man in the Prompt Reveals Hidden AI Threat

Fake Law Firms Exploit Crypto Victims

Zoom Patches Critical Windows Flaw

Charon Ransomware Hits Middle East

Hackers Use CrossC2 to Target Linux, macOS

Subscribe to our newsletter

    Latest Incidents

    Hackers Exploit Microsoft Flaw in Canada

    Colt Hit by Cyberattack Shuts Systems

    Workday Discloses Data Breach

    Hackers Leak Allianz Life Data

    Croatian Institute Hit by Ransomware

    Norway Dam Breached by Pro-Russian Hackers

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial