U.S. IT service company Okta is enhancing its security architecture after a recent cyber-attack on its customer support system this October. Originally thought to be a minor data breach, the cyber hack turned out to be large and resulted in the theft of names and emails of commercial users. The breach highlights the difficulty of the SEC cyber disclosure rules, which state that public companies must report cyberattacks through regulatory filings, no later than four business days after the determination of material impact. The early stages of a cyberattack are usually hectic, so this puts companies in a tough spot. They may disclose information that they believe accurate, but turns out later to be inaccurate which can lead to allegations of misleading investors.
https://www.wsj.com/articles/okta-says-hackers-stole-data-for-all-customer-support-users-5204611f