The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.
03/25/2013 IHS Inc http://www.sec.gov/Archives/edgar/data/1316360/000131636013000075/q11310q.htm (10-Q for IHS Inc)
You can read more about filings like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/
Language in this filing seems to acknowledge prior attacks:
While prior cybersecurity attacks have not had a material adverse effect on our financial results, we have taken and are taking reasonable steps to mitigate the damage of such events and to prevent any future events, including implementation of system security measures, information backup and disaster recovery processes. However, those steps may not be effective and there can be no assurance that any such steps can be effective against all possible risks.