• The SEC fined four companies—Check Point, Mimecast, Unisys, and Avaya—a total of $7 million for misleading disclosures about the 2019 SolarWinds hack.
  • The companies downplayed the extent of the breaches, with each committing different violations, according to the SEC.

The U.S. Securities and Exchange Commission (SEC) has fined four companies a combined $7 million for providing misleading disclosures about the 2019 SolarWinds hack, a cyberattack that impacted multiple businesses and government agencies using SolarWinds software. The companies charged include cybersecurity firms Check Point and Mimecast, along with technology companies Unisys and Avaya.

Check Point will pay a penalty of $995,000, Mimecast will pay $990,000, Unisys will face a $4 million fine, and Avaya will pay $1 million. Each company was found to have made misleading statements or failed to fully disclose the extent of the breaches they experienced.

The SEC stated that the companies “negligently” downplayed the impact of the breaches. For example, Avaya failed to disclose that hackers had accessed “at least 145 files in its cloud file sharing environment,” while Check Point provided only generic descriptions of the intrusion. Mimecast did not fully disclose the nature of the stolen credentials, and Unisys described the risks of cybersecurity events as "hypothetical" despite being directly affected.

Sanjay Wadhwa, acting director of the SEC’s Division of Enforcement, emphasized the importance of transparency, stating,

“It is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures.”

The companies have all cooperated with the SEC's investigation. Check Point, Mimecast, and Avaya issued statements affirming their actions to address cybersecurity concerns, while Unisys declined to comment further, referencing a regulatory filing.

All four firms have agreed to pay the fines without admitting or denying the SEC’s findings.

Edited by Harshajit Sarmah

ALSO READ:

Buenos Aires Launches Blockchain Digital IDs with QuarkID
This initiative positions Buenos Aires as the first city globally to utilize blockchain technology and zero-knowledge cryptography to create self-sovereign digital identities.
NewzchainHarshajit Sarmah