SEC Investigating Companies’ Handling of SolarWinds Attack | #cybersecurity | #cyberattack | #cybersecurity | #infosecurity | #hacker

(Bloomberg) — The Securities and Exchange Commission is investigating how companies responded to last year’s SolarWinds Corp. hack, which rippled through computer systems across the U.S. government and corporate America.

The SEC is seeking to determine whether public-company victims made appropriate disclosures to investors, if there was suspicious trading related to the cyberattack and whether private data was compromised, said people with direct knowledge of the matter who asked not to be named because the probe is private.

The SEC sent letters last week to companies that it believes were impacted, asking that they provide details on how their businesses were harmed, the people said. To encourage cooperation, the regulator signaled it wouldn’t penalize firms that share data voluntarily.

An SEC spokesperson declined to comment.

Read More: The Facts and Mystery About Russia’s SolarWinds Hack

The attackers installed malicious code in updates for popular software from SolarWinds, which was widely used by the government and corporations. In all, nine federal agencies and about 100 companies were infiltrated by the hackers via SolarWinds and other methods. While the motives behind the breach remain unclear, the U.S. blamed Russia and sanctioned dozens of entities and officials in April. For its part, Russia has denied any involvement.

SolarWinds told investors in March that there are numerous investigations stemming from the hack, including examinations being conducted by the SEC, Justice Department and state attorneys general. The company said it’s cooperating with the probes.

Under U.S. securities laws, public companies must disclose information that’s important enough to be considered material to an investor’s decision to buy or sell a stock — including cyberattacks. The SEC letter came from the agency’s enforcement division, which is responsible for investigating and punishing firms.

As part of its letter, the SEC warned that companies might face sanctions down the road if they committed wrongdoing and don’t take advantage of the agency’s offer to come clean. The SEC also told firms that they could still be fined for violations of insider-trading rules or what’s known as Regulation Fair Disclosure, a requirement that businesses release material information to all shareholders at the same time.

(Updates with details on SEC’s request in final paragraph)

More stories like this are available on bloomberg.com

Subscribe now to stay ahead with the most trusted business news source.

©2021 Bloomberg L.P.

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.