Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home News

R.R. Donnelley Settles $2.1M SEC Charges

July 19, 2024
Reading Time: 3 mins read
in News
R.R. Donnelley Settles $2.1M SEC Charges

On July 18, 2024, the U.S. Securities and Exchange Commission (SEC) announced a settlement with R.R. Donnelley & Sons Company (RRD) for over $2.1 million. The settlement resolves allegations of inadequate cybersecurity practices related to a significant data breach that occurred in late 2021. According to the SEC, RRD’s failure to maintain effective controls for elevating cybersecurity incidents to management and protecting company assets contributed to the breach’s impact. The company’s oversight lapses, particularly in its management of security alerts from its third-party security services provider, were central to the SEC’s enforcement action.

The breach, which was initially detected on November 29, 2021, involved RRD’s third-party managed security services provider (MSSP) escalating three security alerts to RRD’s internal security team. However, RRD’s response was deemed insufficient, as the company did not address these alerts promptly or conduct a timely investigation into suspicious activities. The SEC also noted that the MSSP had reviewed but did not escalate an additional 20 alerts, further exacerbating the situation.

It was not until December 23, 2021, that RRD actively responded to the cyberattack, following a warning from a company sharing access to its network. The investigation revealed that attackers had installed encryption software on RRD’s computers and exfiltrated 70 gigabytes of data from 29 of its 22,000 clients. The compromised data included sensitive personal and financial information, leading to public disclosures about the incident starting December 27, 2021.

The SEC’s order accused RRD of violating Section 13(b)(2)(B) of the Securities Exchange Act of 1934 and Exchange Act Rule 13a-15(a), focusing on two key failures: inadequate disclosure controls and insufficient internal controls. As part of the settlement, RRD agreed to pay a $2,125,000 civil penalty and implement enhanced cybersecurity measures. Although RRD did not admit or deny the SEC’s findings, the company committed to adopting new technologies and controls to prevent future incidents. This settlement underscores the critical importance of robust and transparent cybersecurity practices in the face of increasing regulatory scrutiny.

Reference:

  • R.R. Donnelley Agrees to $2.1 Million Settlement Over 2021 Cyberattack
Tags: Cyber NewsCyber News 2024Cyber threatsCybersecurityJuly 2024R.R. DonnelleySECSecurities and Exchange CommissionUSA
ADVERTISEMENT

Related Posts

UK Government Shifts to Passkey Security

Google Deploys AI to Combat Scams on Chrome

May 9, 2025
UK Government Shifts to Passkey Security

The Nmap Project released Nmap 7.96

May 9, 2025
UK Government Shifts to Passkey Security

UK Government Shifts to Passkey Security

May 9, 2025
Kirsten Davies Nominated as Pentagon CIO

Kirsten Davies Nominated as Pentagon CIO

May 8, 2025
China’s Cyber Power Raises UK Concerns

China’s Cyber Power Raises UK Concerns

May 8, 2025
Europol Takes Down Global DDoS Services

Europol Takes Down Global DDoS Services

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial