by T. GormanPosted on Posted in SECActions

Provisions such as Section 13(d) were added to the Exchange Act to provide the markets and investors with notice of those who have significant holdings of a security. The Section requires that those who acquire 5% or more of a security file a form disclose their holdings and intention. The Section has a strict liability standard – traders must comply with the dictates of the Section, no excuses. The Commission’s latest case in this area names Elon Musk as a defendant. SEC v. Musk, Civil Action No. 25-cv-105 (D.D.C. Filed January 14, 2025).

Mr. Musk is, of course, a well-known celebrity. In March 2022 he began purchasing shares of Twitter common stock. By March 14, 2022, he had acquired beneficial ownership of over 5% of the firm’s outstanding common shares.

During the period Exchange Act Section 13d-1 required Mr. Musk to file with the Commission a beneficial ownership report disclosing his transaction within ten calendar days after crossing the 5% level. He did not. By not filing Mr. Musk save over $150 million, according to the Commission. Mr. Musk’s gains were the losses for other traders in the market as he traded.

On April 4, 2022, Mr. Musk publicly disclosed his beneficial ownership in a report filed with the Commission. The filing disclosed that he had acquired over 9% of the shares. Following the announcement the share price increased by over 27% over the prior day’s close. By not complying with Section 13(d) Mr. Musk saved over $150 million. He spent over $500 million to acquire the block of stock. The complaint alleges violations of Exchange Act Section 13(d). See Lit. Rel. No. 26219 (January 14, 2025).

There is little doubt that Mr. Musk knew about Section 13(d). So, the question is this: What was Mr. Musk’s point?

Tagged with: , ,

by T. GormanPosted on Posted in SECActions

Cyber security has emerged as a key issue facing virtually every company. While company security systems have undoubtedly improved over the years, it is also true that those involved in these incidents have added to, and improved, their skills. The stakes are huge not just for large public companies but also smaller private firms that may house quantities of employee and/or customer data. A cyber incident for any of these firms can result in the exposure of large troves of non-public personal data. If hacked the firm and its employees and customers may face potentially untold threats and damage from a cyber incident. The Commission’s latest case in this area involves a firm that was infiltrated by a threat actor. SEC v. Ashford, Inc., Civil Action No. 3:25-cv-00082 (N.D. Tex. Filed 1/13/25).

Ashford, a public company, provides product and services to the real estate and hospitality industries. In September 2023 the firm learned that it had been subjected to a cybersecurity attack and ransomware demand by a foreign-based threat actor. The threat actor gained access to the firm and exfiltrated about 12 terabytes of data stored on its internal systems.

As required, Ashford disclosed the incident after it was identified. In September 2023 the firm disclosed in a Form 10-Q that it had experienced a Cyber Incident. The filing stated that the firm had completed an investigation and identified “certain employee information that may have been exposed. . .” The report went on to state that the company “had not identified that any customer information was exposed.” Similar disclosures were made in two subsequent filings.

Ashford knew that contrary to its disclosures, customer information was exposed – the files exposed to the incident contained customer information. It included sensitive personally identifiable information for some customers according to documents produced by the company to the Commission during its investigation. The inaccurate disclosures violated Securities Act Sections 17(a)(3) and Exchange Act Section 13(a) as well as Rules 12b-20, 13a-1 and 13a-13.

To resolve the matter, the company consented to the entry of a permanent injunction based on the Sections cited. The firm also paid a civil penalty of $115,231 which took into account the cooperation of the company with the Commission’s investigation.

See Lit. Rel. No. 26215 (January 13, 2025)

Tagged with: ,