Should U.S. companies hacked by Chinese have told investors?

|By:, SA News Editor

Three U.S. public companies identified as Chinese hacking victims by the Justice Department didn’t report the theft of trade secrets and other data to investors, despite rules designed to disclose significant events.

Two of the companies - Alcoa (AA) and Allegheny Technologies (ATI) - say the thefts weren’t material to their businesses and don’t have to be disclosed under SEC rules designed to give investors information that may affect share prices; U.S. Steel (X) has not commented.

Cybersecurity specialists are skeptical that companies will ever willingly disclose their breaches; "the prospect of Justice Department indictments that will never lead to prosecution, much less diminished attacks, is nothing close to an 'incentive' to disclose," says one lawyer.