- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations
By 
Jeff Dale2024-06-20T14:45:00
A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission (SEC) over cybersecurity-related control violations.
Chicago-based R.R. Donnelley & Sons Company (RRD) agreed to cease and desist from further violations in reaching the settlement, the SEC announced in a press release Tuesday. RRD failed to “design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions and failed to carefully assess and respond to alerts of unusual activity in a timely manner,” the SEC alleged.
The agency acknowledged the firm’s prompt reporting of a ransomware incident to agency staff before public disclosure, cooperation throughout the investigation, and voluntarily adopting new cybersecurity technology and controls.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumSolarWinds partial dismissal casts doubt on SEC Cybersecurity Rule
A partial dismissal of charges levied by the Securities and Exchange Commission against Solarwinds has cast doubt about the breadth of the SEC's Cybersecurity Rule.
-
News BriefFCC fines Charter Communications $15M over failing to report 911 outages
Charter Communications agreed to pay $15 million and put in place a “robust” compliance plan, including cybersecurity upgrades, to settle allegations it didn’t comply with emergency 911 and network outage notification rules, the Federal Communications Commission announced.
-
News BriefDOJ orders consultants to pay $11.3M total for cyber rule violations
Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.
More from Regulatory Enforcement
-
News BriefFTC sues GM for selling location and behavioral data without drivers' consent
General Motors failed to disclose to customers that it tracked their precise locations and driving behavior and sold the data to third parties, the Federal Trade Commission alleged in a proposed order.
-
News BriefCash App owner Block to pay $175M over fraud caused by lax consumer protection practices
Block, the owner of Cash App and Square, will pay $175 million to settle allegations that its lax consumer protection practices put customers at high risk of fraud, the Consumer Financial Protection Bureau said.
-
News BriefFTC orders Mobilewalla, Gravy Analytics to stop collecting geolocation data without permission
Two large data brokers, Mobilewalla and Gravy Analytics, collected billions of records containing sensitive geolocation and personal data of millions of people, and then sold it without their consent, the Federal Trade Commission said.