SEC fines cybersecurity giants for downplaying effects of SolarWinds attack

Several companies downplayed the impact of the SolarWinds attack on their systems

· TechRadar

News By Benedict Collins published 23 October 2024

(Image credit: Shutterstock)

Four top security companies have been charged for downplaying the impact the SolarWinds Orion compromise had on their systems, an action which violated certain provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, among other related rules.

The US Securities and Exchange Commission charged and fined Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited for “making materially misleading disclosures regarding cybersecurity risks and intrusions.”

All companies have received civil penalties, with Unisys expected to pay $4 million, Avaya $1 million, Check Point $995,000, and Mimecast $990,000.

Misleading disclosures

The 2020 attack on SolarWinds’ Orion infrastructure management software saw threat actors push updates to the Orion software that were loaded with malware, infecting other organizations downstream in the supply chain that used the Orion software.

The attack impacted thousands of businesses and several branches of the US government, including the US Department of Homeland Security, the US Treasury Department, and the US Department of Commerce.

Among the businesses impacted by the attack were the four charged by the SEC, which in its press release stated Unisys, “described its risks from cybersecurity events as hypothetical” despite the company having knowingly experienced two attacks as a result of the SolarWinds attack that resulted in large amounts of data being exfiltrated.

The charge against Avaya states the company attempted to downplay the impact of the SolarWinds attack, stating attackers had accessed a “limited number of [the] Company’s email messages.” In actuality, Avaya was already aware the threat actors had broken into the companies cloud file sharing system and gained access to at least 145 files.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors