US lawmakers want SEC to force hack disclosures

Lawmakers in the US have called on the Securities and Exchange Commission (SEC) to force companies to disclose when they have been hacked.

Five Democrats of the US Senate joined together to send a letter to the SEC, asking it to tell companies that they must report any major network attacks and reveal what kind of information the hackers might have stolen.

“In light of the growing threat and the national security and economic ramifications of successful attacks against American businesses, it is essential that corporate leaders know their responsibility for managing and disclosing information security risk,” the group wrote in the letter, the Wall Street Journal reports.

They said they want more transparency in the area of corporate disclosure when it comes to cyberattacks, an increasingly worrying concern for many people. They were particularly concerned that companies might be holding back information relating to attacks because it might adversely affect their stocks.

Currently many companies can evade the need to disclose an attack because regulations for disclosure are based on interpretations of the severity involved. The lawmakers want the SEC to issue guidance that will clarify the conditions for when a company is required to be forthcoming.

The move follows the recent hacking of Sony's gaming networks, which exposed millions of customer details, including passwords and credit card numbers. Sony has been widely criticised for its failure to communicate about the attacks.