Crooks pwned your servers? You've got four days to tell us, SEC tells public companies