Action against Respondent technology company in connection with material misstatements and omissions related to a cyber-breach affecting numerous user accounts.  According to the SEC, Defendant learned of the breach, which resulted in unauthorized access to users’ personal information, but failed to disclose it in its public filing for approximately two years and failed to disclose business risks related to the breach, such as potential future litigation.  In addition, the SEC alleges that Defendant affirmatively denied the existence of any significant data breach in connection with a proposed sale of its operating business.  Respondent has agreed to pay a civil penalty of $35,000,000.

SEC Order

SEC Press Release