SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations
By 
Jeff Dale2024-06-20T14:45:00
A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission (SEC) over cybersecurity-related control violations.
Chicago-based R.R. Donnelley & Sons Company (RRD) agreed to cease and desist from further violations in reaching the settlement, the SEC announced in a press release Tuesday. RRD failed to “design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions and failed to carefully assess and respond to alerts of unusual activity in a timely manner,” the SEC alleged.
The agency acknowledged the firm’s prompt reporting of a ransomware incident to agency staff before public disclosure, cooperation throughout the investigation, and voluntarily adopting new cybersecurity technology and controls.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumSolarWinds partial dismissal casts doubt on SEC Cybersecurity Rule
A partial dismissal of charges levied by the Securities and Exchange Commission against Solarwinds has cast doubt about the breadth of the SEC's Cybersecurity Rule.
-
News BriefFCC fines Charter Communications $15M over failing to report 911 outages
Charter Communications agreed to pay $15 million and put in place a “robust” compliance plan, including cybersecurity upgrades, to settle allegations it didn’t comply with emergency 911 and network outage notification rules, the Federal Communications Commission announced.
-
News BriefDOJ orders consultants to pay $11.3M total for cyber rule violations
Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.
More from Regulatory Enforcement
-
News BriefFTC shuts down student loan firms over deceptive debt relief practices
The U.S. Federal Trade Commission (FTC) took action against a pair of student loan debt relief companies for allegedly deceiving borrowers. The move came despite the Trump administration’s broader efforts to roll back enforcement actions against businesses since taking office.
-
News BriefCoinbase faces a leftover SEC probe as crypto enforcement loses steam
After dismissing its lawsuit against the crypto exchange Coinbase in March, a second investigation into the exchange by the Securities and Exchange Commission has surfaced, according to a report from the New York Times. This comes as a bit of a surprise after the Trump administration has been scaling down ...
-
News BriefStates like New York, Pennsylvania stepping up to fill regulatory void left by federal agencies
As the Consumer Financial Protection Bureau steps back from its core mission of protecting American consumers, states like New York and Pennsylvania are stepping up to fill the regulatory void.