"While public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered," said Sanjay Wadhwa, acting director of the SEC's Division of Enforcement.
"Here, the SEC's orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents."
According to the SEC, all four companies learned the Russian threat actors behind the SolarWinds Orion hack had accessed their systems in an unauthorized manner, but chose to minimize the scope of the incident in their public disclosures.
Unisys, the independent federal agency said, chose to describe the risks arising as a result of the intrusion as 'hypothetical' despite being aware of the fact that the cybersecurity events led to the exfiltration of more than 33 GB of data on two different occasions.
#cybersecurity #securities-and-exchange-commission #solarwinds #public-companies #investor-disclosures
Collection
[
|
...
]