Cherry Hill Advisory · Research Brief

Two Years Under the SEC Cybersecurity Disclosure Rule

On December 18, 2023, the SEC began requiring every public company to disclose a material cybersecurity incident on Form 8-K within four business days. Two years on, we analyzed every filing made under the rule, including the first 8-K ever to name AI as the root cause.

Published: June 3, 2026 Coverage: Dec 18, 2023 to May 23, 2026 Filings analyzed: 78 (73 with verified day-after stock data) Sources: SEC EDGAR · Debevoise & Plimpton 8-K Tracker
78
Filings analyzed (Dec 2023 to May 2026)
47
Item 1.05 mandatory (incl. first AI-root-cause 8-K)
31
Item 8.01 voluntary "other events"
1
First AI-incident 8-K (CBFV, May 11, 2026)

What the SEC cybersecurity disclosure rule actually requires

The SEC's cybersecurity disclosure rule took effect December 18, 2023. It forces every public company to publicly tell investors about a material cyber incident on Form 8-K within four business days. Filings fall into two buckets: Item 1.05 (mandatory, after a materiality determination) and Item 8.01 (voluntary, "other events"). We analyzed every filing under the rule, sourced from SEC EDGAR and cross-checked against the Debevoise & Plimpton 8-K Tracker.

The four-business-day clock (Item 1.05)

A public company must file an 8-K under Item 1.05 within four business days of determining that a cybersecurity incident is material. The filing must describe the nature, scope, timing, and material impact (including reasonably likely impact) on the registrant.

  • The clock starts on the materiality determination, not on discovery of the incident.
  • Halliburton determined materiality in 2 days. UnitedHealth in 1 day. AT&T took 84 calendar days.
  • A national-security delay may be invoked through the U.S. Attorney General. Used twice, both by AT&T in 2024.
  • In our dataset: 47 mandatory filings, including the first-ever AI-root-cause 8-K.

The catch-all that sits alongside (Item 8.01)

Item 8.01 is the SEC's "other events" 8-K slot. A registrant can use it to tell investors about something material at the registrant's discretion, without making the formal materiality determination that Item 1.05 requires.

  • Used as defensive disclosure: describe the incident, do not declare materiality.
  • Often used for vendor-driven incidents like the CDK Global cluster (six auto dealers filed 8.01 on June 24, 2024).
  • Sonic Automotive filed 8.01 first (June 24), then 1.05 eleven days later when materiality crystallized.
  • In our dataset: 31 voluntary filings.

The first AI-incident 8-K (CBFV, May 2026)

CB Financial Services (CBFV) became the first SEC registrant to file an Item 1.05 8-K naming AI as the root cause of a cybersecurity incident.

The filing disclosed that unauthorized AI software exposed names, Social Security numbers, and dates of birth. The market reaction was a measured -1.16% day-after move, drifting to -3.30% by T+5 as the disclosure was digested.

That muted reaction is a function of issuer size, not subject matter. The next AI-incident 8-K to land at a tech-platform issuer or a regulated lender will price very differently.

What changes when AI is the root cause: the diligence question for boards shifts from "was the vendor patched" to "what was the AI system permitted to do, with what data, and who reviewed it." Mayer Brown's 2025 review estimates AI-enabled phishing or vishing was present in approximately 16% of cyber incidents. Single-incident AI filings will become a category.

Read more: Cherry Hill Advisory's AI Governance & Emerging Risk practice walks audit committees through what to inventory, classify, and report on before the next AI 8-K lands at your name.

Two headline findings every board needs to know

Two years of filings yield one structural finding about how the market prices these disclosures, and one inflection point that just occurred.

Stock prices move on cyber disclosures. Two-thirds traded down.

Of the 73 filings with verified day-after stock-price data, 48 (66%) closed down the next trading day. Cybersecurity, tech, and crypto vendors averaged a -6.6% single-day move; diversified mid- and large-caps absorbed disclosures at roughly flat (-0.1% average). The variance is enormous. The strongest predictor of a measured reaction is the strength of controls before the incident and the speed of the disclosure response after. Controls and a proactive disclosure posture are no longer optional.

The first 8-K naming AI as the root cause has been filed. A new disclosure category begins now.

CB Financial Services (CBFV) filed the first Item 1.05 8-K naming AI as the root cause of an incident: unauthorized AI software exposed names, Social Security numbers, and dates of birth. Day-after move was -1.16%. The muted reaction is a function of issuer size, not subject matter. The next AI-incident 8-K at a tech platform or regulated lender will price very differently. The time to build AI governance and control is before the disclosure, not after.

How the market actually reacts to a cyber 8-K

Market reactions cluster into three distinct archetypes. The driver is what the issuer sells, not the size of the breach. Averages below reflect 73 filings with verified day-after stock-price moves.

Cybersecurity, tech & crypto vendors

Average day-after move
-6.6%

Trust is part of the product. The market reads the disclosure as a direct hit to the customer-retention thesis. Single-day declines of 7% or more are the norm, not the exception.

Diversified mid- and large-caps

Average day-after move
-0.1%

Many revenue streams mean the market treats the disclosure as a contained, insurable, one-time event. Real P&L impact tends to arrive later in quarterly results, not at the initial 8-K.

Micro-caps and nano-caps

Day-after dispersion
High variance

Thin daily volume means individual prints swing wildly in both directions. Look at peer-set behavior and operational impact instead of trusting any single day's tape.

Five strategic insights from two years of filings

Before the raw data, here is what we learned. Each insight is grounded in the filings catalogued at the bottom of this page.

Insight 01

The market is pricing these disclosures.

With verified stock-price data on 73 of 78 filings, two-thirds (66%, 48 of 73) closed down the next trading day. The mean day-after move was -1.1% across the full set, but -6.6% for cybersecurity and tech vendors and -0.1% for diversified large-caps. The dispersion is the story. The market is asking whether trust is part of the product.

Insight 02

The materiality clock is faster than the discovery clock.

Halliburton determined materiality in 2 days. UnitedHealth in 1 day. AT&T took 84 calendar days (with the first-ever DOJ national-security delay invoked on May 9 and June 5, 2024). The disclosure timing shows up in the tape: AT&T closed near flat (-0.27%) after 84 days of preparation; Halliburton dropped 3.99% with a 2-day determination. Pre-document your materiality framework: the determination clock is the one you control.

Insight 03

Vendor incidents drive Item 8.01.

The CDK Global cluster (six auto dealers filing within one trading day on June 24, 2024) is the clearest pattern in the voluntary-disclosure set. Third-party risk programs need four-business-day-aware notification protocols from key vendors so issuers can run their own materiality clock from the moment the vendor confirms.

Insight 04

AI-incident disclosures have started.

Only 1 of 78 filings names AI as root cause (CBFV, May 11, 2026, the first ever). But Mayer Brown's 2025 review estimates AI-enabled phishing or vishing was present in approximately 16% of cyber incidents. The AI-incident wave is just beginning. Build AI governance now.

Insight 05

Industry concentration is the leading indicator.

Healthcare and healthtech, automotive retail, industrial and manufacturing, and tech vendors themselves cluster the filings. Map your peer set's 8-K filings. You are the next risk. If three of your top ten competitors have filed within twelve months, your incident is not a question of if, but when.

Six cases where the SEC cyber rule has bitten hardest

Six filings that anchor the two-year record, chosen for the magnitude of the operational, financial, or regulatory consequence.

UnitedHealth Group / Change Healthcare

UNH · Filed Feb 22, 2024 · Item 1.05

Change Healthcare subsidiary hit by ALPHV/BlackCat ransomware. HHS OCR confirmed 192.7M individuals affected: the largest US healthcare breach on record. $22M ransom paid. Day-after move actually positive (+0.87%), but T+5 turned to -5.44% as scope became clear. FY24 P&L hit grew to $3.09B through quarterly results.

Day-after
+0.87%
T+5
-5.44%

AT&T (national-security delay)

T · Filed Jul 12, 2024 · Item 1.05

Snowflake/ShinyHunters breach exposed call and text records of nearly all wireless customers. First-ever DOJ national-security delay invoked (May 9 + June 5, 2024). Market reaction near flat at disclosure (-0.27%); recovered to +1.38% by T+5. Striking restraint given scale, attributable to the 84-day pre-disclosure window.

Day-after
-0.27%
T+5
+1.38%

Coinbase

COIN · Filed May 15, 2025 · Item 1.05

Insider-enabled access by overseas contractors. 69,461 customers exposed (Maine AG filing). $180 to $400M estimated remediation; $20M extortion demand received. Close $263.41, then $244.44, then $271.95 (T+5). One of the rare cases that recovered fully within a week.

Day-after
-7.20%
T+5
+3.24%

F5 Networks (BRICKSTORM / CISA ED 26-01)

FFIV · Filed Oct 15, 2025 · Item 1.05

China-nexus UNC5221 actor using BRICKSTORM malware. Source code and vulnerability information exfiltrated. Triggered CISA Emergency Directive 26-01. Close $343.17, then $330.75, then $297.84 (T+5). The single largest T+5 decline in the verified dataset.

Day-after
-3.62%
T+5
-13.21%

Johnson Controls

JCI · Filed Mar 13, 2026 · Item 1.05

Incident dated March 11, 2026. Day-after move essentially flat (-0.26%), but Q1 2026 revenue $6.02B vs $6.34B consensus (4.4% miss); adjusted EPS $2.60 vs $2.98 consensus (-8.5% YoY), explicitly attributed to the cyber incident. The industrial-large-cap absorbs the disclosure but still misses earnings.

Day-after
-0.26%
T+5
-2.10%

Halliburton

HAL · Filed Aug 23, 2024 · Item 1.05

RansomHub attack; unauthorized access; systems taken offline. Day-after -3.99%, T+5 -8.94%, harder than the diversified-large-cap average. $35M Q3 expense; $0.02 EPS impact. Materiality determined within 2 days, the fastest in the dataset.

Day-after
-3.99%
T+5
-8.94%

How Cherry Hill Advisory helps

Two years of filings show three places where boards, audit committees, internal audit and risk teams, and CISOs need help most. We work in all three.

AI governance and control

The first AI-incident 8-K has been filed. Boards now need to know which AI systems are deployed, with what data, under whose control. We help you build the inventory and the controls before your name is in the next filing.

  • AI inventory, classification, and data-flow mapping
  • Model risk, third-party AI, and shadow-AI program design
  • Board reporting and AI committee charters aligned to SEC disclosure expectations
  • Independent assurance over the AI control environment
AI Governance & Emerging Risk ›

Cybersecurity risk and SEC disclosure controls

The materiality clock is faster than the discovery clock. We help you pre-document the framework so the four-business-day window is workable, not a fire drill. Third-party risk programs get rebuilt around the same clock.

  • Materiality framework documentation and tabletop exercises
  • SEC cyber disclosure controls and 8-K stress-testing
  • Third-party risk and vendor notification protocols (CDK-aware)
  • SOC 2 readiness, SOX cyber, and audit-committee reporting
Cybersecurity Risk ›

Incident response (Day-zero through post-mortem)

When the incident lands, the first 96 hours decide the disclosure narrative, the regulator's posture, and the stock-price reaction. We sit alongside legal and the CISO to make the materiality call, draft the 8-K, and run the post-incident review.

  • Day-zero materiality determination support
  • 8-K narrative drafting and disclosure-counsel coordination
  • Post-incident root-cause and control-gap review
  • Audit-committee and board briefings during and after the incident
Co-Sourced Internal Audit ›

Not sure where to start?

A 30-minute conversation with a former CAE or Big Four practitioner. No deck, no pitch.

Talk to Cherry Hill

Browse all 78 filings

Monthly filing cadence below, then every Item 1.05 and Item 8.01 filing in sortable tables. Each row links to its original 8-K on SEC EDGAR.

Monthly disclosure cadence

Each bar is one month of filings. Mandatory Item 1.05 sits on top in Cherry Hill Blue; voluntary Item 8.01 below in Mid Navy.

Monthly 8-K filings under the SEC cybersecurity disclosure rule, December 2023 to May 2026 0246 2023-12: 2 Item 1.052024-01: 3 Item 1.052024-02: 4 Item 1.052024-03: 3 Item 1.052024-04: 3 Item 1.052024-05: 3 Item 1.052024-06: 7 Item 8.012024-07: 4 Item 1.052024-07: 2 Item 8.012024-08: 1 Item 1.052024-08: 3 Item 8.012024-09: 1 Item 1.052024-09: 1 Item 8.012024-10: 3 Item 8.012024-11: 1 Item 1.052024-11: 1 Item 8.012024-12: 2 Item 1.052024-12: 2 Item 8.012025-02: 1 Item 1.052025-02: 2 Item 8.012025-03: 1 Item 1.052025-04: 2 Item 1.052025-04: 1 Item 8.012025-05: 2 Item 1.052025-05: 2 Item 8.012025-06: 1 Item 1.052025-07: 1 Item 8.012025-08: 2 Item 1.052025-08: 1 Item 8.012025-09: 2 Item 8.012025-10: 3 Item 1.052025-11: 1 Item 8.012025-12: 1 Item 1.052026-02: 1 Item 1.052026-03: 2 Item 1.052026-04: 2 Item 1.052026-04: 1 Item 8.012026-05: 2 Item 1.052026-05: 1 Item 8.01 Q1 2024Q2 2024Q3 2024Q4 2024Q1 2025Q2 2025Q3 2025Q4 2025Q1 2026Q2 2026
Item 1.05 (mandatory) Item 8.01 (voluntary)

Material incident declarations (47 filings, Item 1.05)

47 filings declaring a cybersecurity incident material to the issuer, including the first AI-root-cause 8-K. Sorted most recent first. Click any column header to re-sort.

47 rows shown
Ticker Company Filed Day-After T+5 Incident summary Source
WST West Pharmaceutical Services May 11, 2026 -1.11% -6.60% Data exfiltration and system encryption; took systems offline globally. EDGAR ↗
CBFV CB Financial Services (Community Bank) May 11, 2026 -1.16% -3.30% FIRST AI 8-K Unauthorized AI software exposed customer names, SSNs, and DOBs. EDGAR ↗
SYK Stryker Corp Apr 09, 2026 -0.26% -0.48% Cybersecurity incident disrupted operations; material Q1 2026 impact. EDGAR ↗
BTM Bitcoin Depot Apr 08, 2026 +15.61% +75.53% Credentials for digital-asset settlement accounts compromised; ~50.903 BTC (~$3.665M) transferred. EDGAR ↗
CCLD CareCloud Mar 27, 2026 -8.40% -14.96% EHR environment outage of ~8 hours; determined material. EDGAR ↗
TRT Trio-Tech International Mar 20, 2026 -6.13% -4.19% Ransomware at Singapore subsidiary. EDGAR ↗
UFPT UFP Technologies Feb 24, 2026 -0.50% -16.08% Third-party accessed IT systems; billing and label-making disrupted. EDGAR ↗
CPNG Coupang Dec 16, 2025 -4.69% -7.81% Former employee accessed up to 33M customer accounts. EDGAR ↗
BAFN Bayfirst Financial Oct 30, 2025 -6.10% -13.68% Third-party marketing vendor compromise; customer PII. EDGAR ↗
JCTC Jewett-Cameron Trading Oct 21, 2025 +0.30% -3.89% Encryption and exfiltration including video-meeting images. EDGAR ↗
FFIV F5 Oct 15, 2025 -3.62% -13.21% China-nexus UNC5221 / BRICKSTORM malware; source code & vulnerability info exfil; triggered CISA Emergency Directive 26-01. EDGAR ↗
WYTC Wytec International Aug 29, 2025 -24.86% +1.69% Repeated website defacement; cancelled scheduled seminar. EDGAR ↗
DAIO Data I/O Aug 21, 2025 +1.22% -4.89% Ransomware affected IT systems; operations disrupted. EDGAR ↗
UNFI United Natural Foods Jun 26, 2025 -0.88% +7.34% Systems offline; reasonably likely material impact on Q4 FY25 results. EDGAR ↗
COIN Coinbase Global May 15, 2025 -7.20% +3.24% Insider-enabled access by overseas contractors; 69,461 customers exposed (Maine AG filing); est. $180-$400M remediation; $20M extortion demand. EDGAR ↗
NUE Nucor May 14, 2025 -1.56% -6.09% Unauthorized access; production halted at multiple sites. EDGAR ↗
CNDT Conduent Apr 14, 2025 +3.92% -2.94% PII of client end-users exfiltrated; material non-recurring expenses. EDGAR ↗
ST Sensata Technologies Apr 09, 2025 +18.03% +8.37% Ransomware encrypted devices; shipping/manufacturing disrupted. EDGAR ↗
NPK National Presto Mar 06, 2025 -2.37% -6.74% Outage affected shipping, manufacturing, back-office. EDGAR ↗
LEE Lee Enterprises Feb 18, 2025 -0.09% -19.28% Encryption and file exfiltration; print distribution delays. EDGAR ↗
DNUT Krispy Kreme Dec 11, 2024 -0.79% -4.15% Online ordering platform disruption. EDGAR ↗
ENG ENGlobal Dec 02, 2024 Ransomware-style encryption; ~6 weeks of limited IT access. EDGAR ↗
AILE iLearningEngines Nov 18, 2024 Threat actor accessed environment; misdirected $250K wire (not recovered). EDGAR ↗
HAL Halliburton Sep 03, 2024 -3.99% -8.94% RansomHub attack; unauthorized access; systems offline. EDGAR ↗
MMAT Meta Materials Aug 01, 2024 -9.91% -59.42% Former executive officer deactivated website renewal. EDGAR ↗
CWGL Crimson Wine Group Jul 25, 2024 0.00% -0.34% Third-party access; files including PII potentially exfiltrated. EDGAR ↗
BSET Bassett Furniture Jul 15, 2024 -3.38% -6.56% Threat actor encrypted files; manufacturing shutdown. EDGAR ↗
T AT&T Jul 12, 2024 -0.27% +1.38% Snowflake/ShinyHunters breach; call/text records of ~109M customers (nearly all wireless). EDGAR ↗
SAH Sonic Automotive Jul 05, 2024 -2.81% +5.51% Materiality determination follow-up on CDK ransomware. EDGAR ↗
KTCC Key Tronic May 10, 2024 -0.67% -2.45% Black Basta ransomware; ~$17M revenue loss (per third-party reporting). EDGAR ↗
BDN Brandywine Realty Trust May 07, 2024 -1.69% +3.38% Encryption deployed on internal systems. EDGAR ↗
DBX Dropbox May 01, 2024 +1.86% -0.09% Dropbox Sign production environment accessed. EDGAR ↗
FYBR Frontier Communications Apr 18, 2024 Third-party access including PII. EDGAR ↗
OSUR OraSure Technologies Apr 12, 2024 -4.33% -8.49% Third party accessed data and exfiltrated certain files. EDGAR ↗
RILY B. Riley Financial Apr 08, 2024 +12.79% -13.09% Subsidiary Targus International file-system intrusion. EDGAR ↗
RLGT Radiant Logistics Mar 20, 2024 +4.28% -1.12% Canadian operations affected; service delays. EDGAR ↗
HZO MarineMax Mar 12, 2024 -0.58% -3.81% Rhysida ransomware; partial business disruption. EDGAR ↗
N/A Federal Home Loan Bank of NY Mar 01, 2024 Attempted fraud via fourth-party vendor; FHLBNY systems uncompromised. EDGAR ↗
COR Cencora (formerly AmerisourceBergen) Feb 27, 2024 -0.77% -1.27% Data exfiltrated from IT systems including personal information. EDGAR ↗
UNH UnitedHealth Group Feb 22, 2024 +0.87% -5.44% Change Healthcare ALPHV ransomware; 192.7M individuals affected (largest US healthcare breach ever per HHS OCR); $22M ransom paid. EDGAR ↗
PRU Prudential Financial Feb 13, 2024 -1.86% +0.40% ALPHV-claimed access; small % of employee/contractor accounts. EDGAR ↗
SSB SouthState Corp Feb 09, 2024 +3.14% +6.83% Detected and isolated network intrusion; limited business-process disruption. EDGAR ↗
HPE Hewlett Packard Enterprise Jan 24, 2024 +1.68% -1.35% Midnight Blizzard cloud email exfiltration from small % of mailboxes since May 2023. EDGAR ↗
MSFT Microsoft Jan 19, 2024 +0.67% +4.02% Midnight Blizzard nation-state actor exfiltrated email from senior leadership. EDGAR ↗
LDI loanDepot Jan 08, 2024 +4.02% -20.43% ALPHV/BlackCat ransomware; unauthorized access and data encryption. EDGAR ↗
FAF First American Financial Dec 22, 2023 +1.63% -1.99% Unauthorized activity on IT systems; primary website taken offline. EDGAR ↗
VFC V.F. Corporation Dec 15, 2023 -2.35% -8.83% Threat actor encrypted IT systems and exfiltrated personal data; disrupted order fulfillment. EDGAR ↗

Voluntary "other events" disclosures (31 filings, Item 8.01)

31 voluntary filings that describe a cybersecurity incident without a formal materiality determination, including the entire CDK Global dealer cluster of June 24, 2024. Sorted most recent first.

31 rows shown
Ticker Company Filed Day-After T+5 Incident summary Source
SAIL SailPoint May 08, 2026 +0.33% +10.75% Identity-security vendor; third-party involvement. EDGAR ↗
HAS Hasbro Apr 01, 2026 -4.51% -0.58% Cybersecurity incident discovered Mar 28, 2026. EDGAR ↗
BDC Belden Nov 19, 2025 +0.83% +5.25% Cybersecurity incident disclosure. EDGAR ↗
RTX RTX Corp (Collins Aerospace) Sep 19, 2025 +0.03% +3.26% Ransomware on Collins MUSE airport-check-in software; European airport disruptions. EDGAR ↗
EVTC Evertec (Sinqia) Sep 02, 2025 -2.24% -4.34% Sinqia subsidiary breach; ~R$710M unauthorized Pix transactions on Aug 29, 2025. EDGAR ↗
NOTV Inotiv Aug 08, 2025 -6.63% -3.57% Network/internal-application availability impacted. EDGAR ↗
INGM Ingram Micro Jul 07, 2025 -7.51% -5.95% SafePay ransomware (Jul 3 onset); ~3.5TB data claimed exfil; analysts est ~$136M/day at peak. EDGAR ↗
MASI Masimo May 06, 2025 -0.85% -0.80% Cybersecurity incident; later concluded no material FY25 revenue impact. EDGAR ↗
JETMF Global Crossing Airlines May 05, 2025 -0.82% -4.10% Unauthorized activity in networks; servers isolated. EDGAR ↗
DVA DaVita Apr 14, 2025 -2.98% -13.21% Ransomware encrypted network elements; patient care continued. EDGAR ↗
CYCU Cycurion Feb 24, 2025 -26.19% -55.15% Cybersecurity vendor itself breached; multiple Item 8.01 filings. EDGAR ↗
NB NioCorp Developments Feb 19, 2025 +3.78% -11.76% BEC; misdirected vendor payments ~$0.5M. EDGAR ↗
LKQ LKQ Corp Dec 13, 2024 -1.02% -3.88% Cybersecurity incident; partial operational disruption. EDGAR ↗
AORT Artivion Dec 09, 2024 -2.23% -2.36% Order/shipping and corporate ops disruption. EDGAR ↗
NR Newpark Resources Nov 07, 2024 Ransomware on internal info systems. EDGAR ↗
GL Globe Life (update) Oct 17, 2024 -1.64% -1.33% Update; ~5,000 individuals confirmed affected. EDGAR ↗
ADT ADT (2nd) Oct 08, 2024 -1.68% -3.92% Separate intrusion via third-party-partner credentials. EDGAR ↗
AWK American Water Works Oct 07, 2024 -3.91% -1.54% Customer-portal and billing systems taken offline. EDGAR ↗
MCHP Microchip Technology (update) Sep 04, 2024 +0.64% +1.37% Update; operations restored; employee data likely obtained. EDGAR ↗
MCHP Microchip Technology (initial) Aug 20, 2024 -2.13% -1.33% Unauthorized party disrupted servers; manufacturing below normal levels. EDGAR ↗
OEC Orion S.A. Aug 12, 2024 -1.76% -5.17% BEC fraud; multiple fraudulent wire transfers; ~$60M pre-tax charge. EDGAR ↗
ADT ADT (1st) Aug 07, 2024 +0.28% +1.56% Customer-order DB accessed via compromised third-party credentials. EDGAR ↗
CDRE Cadre Holdings Jul 19, 2024 -0.13% -2.17% Third party accessed certain technology systems. EDGAR ↗
RGEN Repligen Jul 15, 2024 -2.64% +2.91% Third party accessed files; ops/customer service not impacted. EDGAR ↗
LAD Lithia Motors (CDK cluster) Jun 24, 2024 +1.03% +1.40% CDK Global ransomware affecting dealer DMS/CRM. EDGAR ↗
AN AutoNation (CDK cluster) Jun 24, 2024 -1.27% +0.88% CDK Global ransomware; DMS/CRM disruption. EDGAR ↗
GPI Group 1 Automotive (CDK cluster) Jun 24, 2024 +0.87% -0.43% CDK Global ransomware; DMS/CRM disruption. EDGAR ↗
PAG Penske Automotive (CDK cluster) Jun 24, 2024 -0.30% -2.69% CDK Global ransomware; DMS/CRM disruption. EDGAR ↗
ABG Asbury Automotive (CDK cluster) Jun 24, 2024 +0.49% -0.18% CDK Global ransomware; DMS/CRM disruption. EDGAR ↗
SAH Sonic Automotive (CDK cluster, then 1.05) Jun 24, 2024 +1.24% -1.77% CDK Global ransomware; later filed Item 1.05 on July 5, 2024. EDGAR ↗
GL Globe Life (initial) Jun 14, 2024 -2.28% +4.99% Short-seller-published files; threat-actor allegations. EDGAR ↗