Four top security companies have been charged with downplaying the impact the SolarWinds Orion compromise had on their systems, conduct that violated certain provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, among other related rules.
The US Securities and Exchange Commission charged and fined Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited for “making materially misleading disclosures regarding cybersecurity risks and intrusions.”
All companies have received civil penalties, with Unisys expected to pay $4 million, Avaya $1 million, Check Point $995,000, and Mimecast $990,000.
Misleading disclosures
In the 2020 attack on SolarWinds’ Orion infrastructure management software, threat actors pushed malware-laden updates to Orion, infecting organizations downstream in the supply chain that used the software.
The attack impacted thousands of businesses and several branches of the US government, including the US Department of Homeland Security, the US Treasury Department, and the US Department of Commerce.
Among the businesses impacted by the attack were the four charged by the SEC, which in its press release…
Read full post on Tech Radar