how is that not securities fraud?
they are under legal obligation to tell investors about this sort of shit.
They are indeed under a legal obligation to disclose "material" cybersecurity incidents. For people who want to see the details, here's the SEC release https://www.sec.gov/newsroom/press-releases/2023-139
Now will the SEC enforce against oracle? In this environment I highly doubt anyone at the SEC would have the appetite but I could be wrong.
So will any investors with standing choose to bring a civil action? Could well do it. There are for sure investors (eg Elliot) who in general would fight anyone at all if they thought they had a case. I don't know if there's anyone like that who had a position in Oracle specifically, but it wouldn't suprise me.
The SEC no longer exists. The billionaires like Elison completely own the US government right now.
Welcome to the (most recent) era of deregulation. Get ready for all Fortune 500s to deny, deny, deny, and bribe.
Presumably the requirements for public companies to disclose stuff and generally follow all kinds of rules were somehow for the health of the markets or something like that. I wonder how the markets will fare with the rules neutered.
To be fair, they're trending down at the moment, so maybe there was something there. But truly only time will tell.
Crypto is a prime asset for bribing. Not for nothing the president has his own shit coin.
Not related to this story at all.
Sometimes comments are made in relation to upstream comments. In this case
"Welcome to the (most recent) era of deregulation. Get ready for all Fortune 500s to deny, deny, deny, and bribe."
they likely aren't under an obligation to tell investors about it immediately and simply putting something in their quarterly report about it will probably be fine.
That being said if they put something in some communication that said "we take security seriously" or something that would probably be grounds to sue as this obviously shows they aren't serious or something. The barriers to shareholder lawsuits for securities fraud are pretty low.
The SEC says they have 4 business days
"An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material. The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing." (from https://www.sec.gov/newsroom/press-releases/2023-139)