IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

US SEC investigates SolarWinds clients over cyber breach disclosures

The SEC is investigating whether some organisations failed to disclose if they had been affected by the attack

The US Securities and Exchange Commission (SEC) has launched an investigation into the SolarWinds attack, focusing on whether some organisations did not disclose that they had been impacted by the breach.

The SEC has sent letters to a range of public issuers and investment firms to find out whether they had been a victim of last year’s hack and failed to disclose it, according to Reuters sources.

Additionally, the SEC is trying to find out whether public companies that have been victims had experienced a lapse of internal controls. It is also investigating the policies belonging to certain companies to see where they are designed to protect customer information.

Sources told the publication that if the issuers and investment firms disclose details about the breaches, they would not be hit with enforcement actions. In the US, securities law requires companies to share material information that could affect their share prices, which includes cyber breaches.

A spokesperson for SolarWinds said in a statement to IT Pro: "Our top priority since learning of this unprecedented attack by a foreign government has been working closely with our customers to understand what occurred and remedy any issues."

The company also disclosed it was "collaborating with government agencies in a transparent way”.

Related Resource

A guide to enterprise detection and response providers

The 12 providers that matter most and how they stack up

Forrester enterprise detection WPDownload now

IT Pro has contacted the SEC for comment.

SolarWinds was targeted by a cyber attack in December which saw hackers infect the networks of thousands of US companies and government networks. The company advised users to upgrade to the latest version of its Orion software to deal with the breach.

The US and UK government agreed that the Russian foreign intelligence service was behind the attack. These hackers launched a new wave of attacks last month, targeting 150 government agencies, think tanks, consultants and NGOs from 24 countries, according to Microsoft, which found that an estimated 3,000 email accounts had been targeted.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers
ransomware

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022