In a statement, Sanjay Wadhwa, acting director of the SEC’s division of enforcement, said, “as today’s enforcement actions show, while public companies may be victims of cyberattacks, it is important for them not to continue to victimize shareholders or other members of cyberattacks. investing in the community by providing misleading disclosures about the cybersecurity incidents they experienced.”
The SEC’s orders, he said, “find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents.”
All four organizations, the release said, discovered in 2020 or 2021 that “a threat actor possibly behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized their cybersecurity incident from public exposure.”
Source link