US SEC investigates SolarWinds clients over cyber breach disclosures
The SEC is investigating whether some organisations failed to disclose if they had been affected by the attack
The US Securities and Exchange Commission (SEC) has launched an investigation into the SolarWinds attack, focusing on whether some organisations did not disclose that they had been impacted by the breach.
Additionally, the SEC is trying to find out whether public companies that have been victims had experienced a lapse of internal controls. It is also investigating the policies belonging to certain companies to see where they are designed to protect customer information.
Sources told the publication that if the issuers and investment firms disclose details about the breaches, they would not be hit with enforcement actions. In the US, securities law requires companies to share material information that could affect their share prices, which includes cyber breaches.
A spokesperson for SolarWinds said in a statement to IT Pro: "Our top priority since learning of this unprecedented attack by a foreign government has been working closely with our customers to understand what occurred and remedy any issues."
The company also disclosed it was "collaborating with government agencies in a transparent way”.
A guide to enterprise detection and response providers
The 12 providers that matter most and how they stack upDownload now
IT Pro has contacted the SEC for comment.
SolarWinds was targeted by a cyber attack in December which saw hackers infect the networks of thousands of US companies and government networks. The company advised users to upgrade to the latest version of its Orion software to deal with the breach.
The US and UK government agreed that the Russian foreign intelligence service was behind the attack. These hackers launched a new wave of attacks last month, targeting 150 government agencies, think tanks, consultants and NGOs from 24 countries, according to Microsoft, which found that an estimated 3,000 email accounts had been targeted.
B2B under quarantine
Key B2C e-commerce features B2B need to adopt to surviveDownload now
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service managementDownload now
The five essentials from your endpoint security partner
Empower your MSP business to operate efficientlyDownload now
How fashion retailers are redesigning their digital future
Fashion retail guideDownload now