U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources


FILE PHOTO: The seal of the U.S. Securities and Exchange Commission (SEC) is seen at their headquarters in Washington, D.C., U.S., May 12, 2021. REUTERS/Andrew Kelly

WASHINGTON (Reuters) -The U.S. Securities and Exchange Commission (SEC) has opened a probe into last year's SolarWinds cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday.

The SEC sent investigative letters late last week to a number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations.

The agency is also seeking information on whether public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading.

The agency is also looking at the policies at certain companies to assess whether they are designed to protect customer information, one of the people said.

The SEC's press office declined to comment.

A spokesperson for SolarWinds, which provides a range of IT software, networks and systems, said in a statement: "Our top priority since learning of this unprecedented attack by a foreign government has been working closely with our customers to understand what occurred and remedy any issues."

The company was also "collaborating with government agencies in a transparent way," the statement said.

U.S. securities law requires companies to disclose material information that could affect their share prices, including cyber breaches, although cyber security disclosure failures are still relatively new enforcement territory for the SEC.

In December, U.S. regulators found that a breach by a foreign actor of SolarWinds' software gave hackers access to data of thousands of companies and government offices that used its products. News of the hack sent SolarWinds' share price tumbling, while cyber security stocks rallied.

The United States and Britain have blamed Russia's Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack, which compromised nine U.S. federal agencies and hundreds of U.S. private sector companies.

If the issuers and investment firms respond to the letters by disclosing details about the breaches, they would not be subject to enforcement actions related to historical failures, including internal accounting control failures, the people said.

While the letters are focused on the SolarWinds breach, the SEC may develop future policies on the impact of cyber security issues on the markets and on investors, the people said.

(Reporting by Katanga Johnson; Editing by Steve Orlofsky and Richard Pullin)

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

   

Next In Tech News

Ferrari boss has no fears over electric future
Facebook's Kustomer deal may hurt competition, EU regulators say
Uber, Lyft seen boosted by return of riders, but driver shortage, stubborn virus cloud outlook
Hong Kong police arrest two men in crackdown on website selling more than 30,000 upskirt photos and videos
Teenage girls in northern Nigeria ‘open their minds’ with robotics
Grab's sales jump 39% in Q1, ahead of record SPAC deal
The robot apocalypse is hard to find in America's small and mid-sized factories
Australia Tesla battery blaze under control after three days
Cryptocurrency crime in Hong Kong hits record levels, with one victim losing HK$124mil to fraudsters
Dorsey-led $29 billion deal delivers prompt payday for Afterpay founders

Stories You'll Enjoy


Vouchers