First American, which has been charged for inadequate disclosure of the security vulnerability that prompted the massive data leak, will be paying a $487,616 fine to the SEC. According to the SEC, First American first disclosed the flaw months after it was identified by its information security staff, who did not fix the vulnerability and properly inform the company's top executives.
"As a result of First American's deficient disclosure controls, senior management was completely unaware of this vulnerability and the company's failure to remediate it. Issuers must ensure that information important to investors is reported up the corporate ladder to those responsible for disclosures," said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit.
"We're pleased to resolve this matter with the SEC and remain committed to compliance with all SEC disclosure control requirements," First American stated.