Wish List Corp. is an Internet-based, publicly traded company that allows subscribers to make wishes and also to grant wishes made by other subscribers. The company has been surprisingly successful; in the past fiscal year it had $65 million in revenues and profits of $20 million. To accommodate its expansion, the company is moving to a new platform for storage of data and customer management. At present the move to the new platform is in test mode; the company has not yet gone live with this functionality. Due to a mistake by a vendor, however, access to the new platform is accidentally made available to third parties for a six-hour period before the error is detected and corrected. During that period, non-public personal information for about 20,000 of the company’s 100,000 customers could have been obtained by anyone with access to the Internet. The company quickly investigates the incident and concludes that no nonpublic information was disclosed. The company is working on the problem and believes that it will soon be addressed. Until now the company has made no disclosure about cyber risks in its SEC disclosure documents, other than the statement that “like other Webbased firms, the Company is at risk of breaches or data losses that may have a material adverse effect on its financial position.” If you were securities counsel to the company, what would you advise regarding its disclosure obligation in the wake of the incident?