Justice Department officials announced yesterday that they have busted up a global hacking and insider-trading operation that allegedly made $30 million in illegal profits by trading on press release information stolen from Business Wire, PRNewswire and Marketwired before the press releases went out.
The stolen press releases covered earnings and mergers involving companies such as Hewlett-Packard, Netflix, Delta Air Lines, Boeing, Bank of America, Ford Motor, Honeywell and Viacom.
According to news reports, the hackers and their clients have had access to the computers of the wire services since 2010, stealing 150,000 press releases in the process. The hackers were so brazen – and so sure that the wire services wouldn’t catch on – that they provided tutorials to their customers and took “shopping lists” from traders looking for specific information.
There’s no question what needs to happen next. Public companies should stop using the wire services and develop their own secure methods for meeting the SEC’s disclosure requirements and protecting investors. The SEC does not mandate press release issuance via one of these wires – it just says that companies must use methods that are “reasonably designed to provide broad, non-exclusionary distribution of the information to the public.” The wire services have long been the easiest way to meet that requirement.
The next thing that should happen is that the SEC should add a cybersecurity requirement to close this gaping hole. It should be the issuers’ responsibility to ensure data integrity, not the wire services’. Clearly, they have already proven utterly ineffective at providing that security, and they don’t deserve a second chance.
The Internet should have made these services obsolete years ago, but the need for a public company disclosure system has kept them alive and made them such cash cows (global distribution of an earnings release can cost $5,000 a shot) that Warren Buffett bought Business Wire a few years ago.
After the news broke, neither PRNewswire nor Business Wire expressed the slightest contrition, nor did they take responsibility for compromising their customers’ information and facilitating a criminal operation that hurt countless investors.
Here’s a story that includes a statement from Business Wire – I could not find an actual press release from Business Wire addressing this news. Here’s PRNewswire’s statement. Marketwired actually took some responsibility (without apologizing to investors), but only provided an emailed statement.
Once upon a time, the press release distribution services provided a real value to companies by piping their news directly into newsrooms, first by teletype, then by fax, and finally by proprietary wires into media computers. But those days are long gone. It's time for these services to be gone too.
No comments:
Post a Comment