SEC Charges Issuer for Inadequate Cybersecurity Disclosure Controls

Proposed Legislation Would (1) Delay for 60 Days the Consummation of Many Transactions Valued as Low as $9.2 Million and (2) Establish a New “Abuse of Dominance” Standard Subjecting Many Small Businesses to Treble Damages Sullivan & Cromwell LLP - June 17, 2021

On June 15, 2021, the Securities and Exchange Commission (“SEC”) announced charges against First American Financial Corporation (“First American”) for failure to maintain adequate disclosure controls and procedures in violation of Exchange Act Rule 13a-15(a). The charges, which were simultaneously settled pursuant to a cease-and-desist order (the “Order”) imposing a $487,616 civil money penalty, related to a vulnerability in First American’s proprietary software application that caused tens of millions of document images—many containing consumers’ personal information—to be publicly accessible.