The U.S. Securities and Exchange Commission (SEC) has fined Check Point, Mimecast, Avaya, and Unisys amounts ranging from $1 million to $4 million.

On October 22, 2024, the SEC announced sanctions against four companies for “misleading statements” following the 2020 SolarWinds hack. The U.S. financial markets authority found Check Point, Mimecast, Avaya, and Unisys guilty of misrepresenting “cybersecurity risks and intrusions.”

The SEC imposed a fine of approximately $1 million (€1.08 million) on cybersecurity firms Check Point and Mimecast and enterprise communications company Avaya. These three organizations had greatly downplayed the extent of the breaches they experienced.

IT services giant Unisys, on the other hand, had referred to “hypothetical” risks, even though the company had observed a dual data breach. The SEC found Unisys guilty of “disclosure controls and procedures violations” and imposed a heavier fine of $4 million (€3.7 million).

The SolarWinds hack, generally attributed to the Russian group Nobelium, targeted the Orion IT performance management tool developed by SolarWinds in 2020. Described as a “cyber 9/11,” it led to the compromise of over 18,000 clients. Among the victims were U.S. government agencies, including the Departments of Treasury and Commerce, as well as tech giants like Cisco, Intel, and Microsoft.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.