SEC

R.R. Donnelley & Sons Co., a global business communications provider, agreed to a $2.125 million settlement with the US Securities and Exchange Commission for inadequate management of third-party cybersecurity controls. In late 2021, a ransomware attack exposed significant flaws in Donnelley’s oversight of its security service provider, leading to data breaches and operational disruptions. The SEC highlighted the company’s failure to properly supervise its managed security services provider, which compromised the integrity and confidentiality of sensitive client data.