New SEC regulations will force any public games company in the US to disclose 'material' hacks within four days
Last week, we reported on a Roblox data breach that first happened in 2020, and was apparently shared in some nefarious places in 2021, but only became widely known about when the leak was posted again on July 18. There was a wealth of identifying information about individuals who attended the Roblox Developer's Conference in this hacked data, and some might find the length of time between the hack happening and Roblox Corporation acknowledging it pretty surprising.
Gaming companies are hardly alone in being targets for bad actors, with cybercrime now an omnipresent threat in every business sector. And no matter how good the defences get, we'll be reading about successful hacks on high-profile targets for the rest of our lives. The US Security and Exchanges Commission clearly thinks so and as reported by The Register has voted to adopt new requirements, first proposed in March 2022, that any public company suffering a computer crime that's likely to cause any kind of a «material» hit will now have a four-day time limit in which to disclose the incident. A material hit is basically anything investors should be concerned about.
Given that the vast majority of the big gaming companies in the US are publicly traded, this means the new rule (which comes into effect in 30 days) will apply to companies such as: Activision Blizzard, Electronic Arts, Microsoft, Nexon, Nintendo, Paradox Interactive, Riot Games, Roblox Corporation, Sony, and Take-Two Interactive. Nested within those are plenty of other famous studios like Blizzard, Bungie, Rockstar, and Zynga.
Any company that's suffered a cybersecurity incident that could have a material impact now has to determine whether it should be disclosed «without reasonable delay» and, if
Read more on pcgamer.com
