SEC just hit four companies with big fines for downplaying the SolarWinds hack

The Securities and Exchange Commission fined four companies on Tuesday with misleading investors about the impact the 2020 hack of SolarWinds had on their own systems.

Unisys, Avaya, Check Point, and Mimecast will each pay civil penalties to settle the agency’s charges that they downplayed the impacts of the hack through their respective public disclosures.

“While public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” Acting Director of the SEC’s Division of Enforcement Sanjay Wadhwa said in a statement.

In 2020, a Russian backed group planted malware in the SolarWinds system that sent out updates to SolarWinds’s Orion software. When several thousand of the company’s clients installed the update, they also unknowingly installed the malware. It ended up becoming one of the most destructive and costly cyberattacks in history, as NPR put it.

According to the SEC, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the actor behind the hack had accessed their systems without authorization. Still, the SEC argued, each minimized the incident in public disclosures. The SEC said that Unisys also described its risk as hypothetical, when it already knew it had been breached twice.

Unisys will pay a $4 million civil penalty. Avaya will pay $1 million, Check Point will pay $995,000, and Mimecast will pay $990,000.

A Check Point spokesperson said: “As mentioned in the SEC’s order, Check Point investigated the SolarWinds incident and did not find evidence that any customer data, code, or other sensitive information was accessed. Nevertheless, Check Point decided that cooperating and settling the dispute with the SEC was in its best interest and allows the company to maintain its focus on helping its customers defend against cyberattacks throughout the world.”

An Avaya spokesperson made a similar comment. “We are pleased to have resolved with the SEC this disclosure matter related to historical cybersecurity issues dating back to late 2020, and that the agency recognized Avaya’s voluntary cooperation and that we took certain steps to enhance the company’s cybersecurity controls,” the spokesperson said. “Avaya continues to focus on strengthening its cybersecurity program, both in designing and providing our products and services to our valued customers, as well as in our internal operations.”

Spokespeople for Unisys and Mimecast did not immediately return Fast Company‘s requests for comment.

https://www.fastcompany.com/91215136/sec-just-hit-four-companies-with-big-fines-for-downplaying-the-solarwinds-hack?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 6mo | Oct 23, 2024, 7:20:03 PM


Login to add comment

Other posts in this group

Families demand action from Meta over children’s deaths linked to platform harm

“Meta profits, kids pay the price,” was the message delivered by dozens of grieving families at the doors of Meta’s Manhattan office on Thursday.

Forty-five families traveled from

Apr 25, 2025, 8:10:07 PM | Fast company - tech
How BYD, Great Wall, and other key Chinese EV makers are reshaping the global auto industry

The world’s auto industry is getting a shake-up from Chinese automakers that

Apr 25, 2025, 5:50:03 PM | Fast company - tech
The other Blue Sky is getting tons of traffic

There’s Blue Sky and then there’s Bluesky.

Blue Sky, a paper goods company

Apr 25, 2025, 3:30:05 PM | Fast company - tech
Google’s profits skyrocketed 50% in Q1, beating expectations

Google’s profits soared 50% in this year’s opening quart

Apr 25, 2025, 3:30:04 PM | Fast company - tech
Here’s how top chief product officers are getting AI right

The AI revolution is redefining business and tech leadership—and no one is standing more squarely on the front lines than product leaders.

Once seen as a behind-the-scenes role, the CPO

Apr 25, 2025, 1:10:13 PM | Fast company - tech