Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

SEC probing SolarWinds clients over breach disclosures

Reprints
breach

(Reuters) — The U.S. Securities and Exchange Commission has opened a probe into last year's SolarWinds cyber breach, focusing on whether some companies failed to disclose that they had been affected by the unprecedented hack, two persons familiar with the investigation said on Monday.

The SEC sent investigative letters late last week to a small number of public issuers and investment firms seeking voluntary information on whether they had been victims of the hack and failed to disclose it, said the persons, speaking under the condition of anonymity to discuss confidential investigations.

The agency is also seeking information on whether public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading.

The agency is also looking at the policies at certain companies to assess whether they are designed to protect customer information, one of the people said.

A spokesperson for SolarWinds, which provides a range of IT software, networks and systems, did not respond immediately to a request for comment. The SEC's press office declined to comment.

U.S. securities law requires companies to disclose material information that could affect their share prices, including cyber breaches, although cybersecurity disclosure failures are still relatively new enforcement territory for the SEC.

In December, U.S. regulators found that a breach by a foreign actor of SolarWinds' software gave hackers access to data of thousands of companies and government offices that used its products. News of the hack sent SolarWinds' share price tumbling, while cybersecurity stocks rallied.

The United States and Britain have blamed Russia's Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack, which compromised nine U.S. federal agencies and hundreds of U.S. private sector companies.

If the issuers and investment firms respond to the letters by disclosing details about the breaches, they would not be subject to enforcement actions related to historical failures, including internal accounting control failures, the people said.

While the letters are focused on the SolarWinds breach, the SEC may develop future policies on the impact of cybersecurity issues on the markets and on investors, the people said. 

 

 

 

 

Read Next

  • SolarWinds hack obtained DHS officials’ emails: AP

    (Reuters) — Hackers suspected of working for Russia got access to an email account belonging to the former head of the U.S. Department of Homeland Security, which is responsible for cybersecurity, in the SolarWinds hack, the Associated Press reported on Monday.