The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020:
The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result of a years-long investigation into public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity.
Unisys will pay a $4 million fine; Avaya will pay $1 million; Check Point will pay $995,000; and Mimecast will pay $990,000.
The message should be clear: minimizing or trying to minimize the scope or impact of a breach is not okay with the SEC.
Read more at The Record.
