SolarWinds: SEC Sanctions Four Companies for Misleading Statements
On October 22, 2024, the SEC announced sanctions against four companies for “misleading statements” following the 2020 SolarWinds hack. The U.S. financial markets authority found Check Point, Mimecast, Avaya, and Unisys guilty of misrepresenting “cybersecurity risks and intrusions.”
The SEC imposed a fine of approximately $1 million (€1.08 million) on cybersecurity firms Check Point and Mimecast and enterprise communications company Avaya. These three organizations had greatly downplayed the extent of the breaches they experienced.
IT services giant Unisys, on the other hand, had referred to “hypothetical” risks, even though the company had observed a dual data breach. The SEC found Unisys guilty of “disclosure controls and procedures violations” and imposed a heavier fine of $4 million (€3.7 million).
The SolarWinds hack, generally attributed to the Russian group Nobelium, targeted the Orion IT performance management tool developed by SolarWinds in 2020. Described as a “cyber 9/11,” it led to the compromise of over 18,000 clients. Among the victims were U.S. government agencies, including the Departments of Treasury and Commerce, as well as tech giants like Cisco, Intel, and Microsoft.