SEC Fines Four Tech Firms for Misleading SolarWinds Hack Disclosures

Unisys, Avaya, Check Point, and Mimecast face penalties for downplaying the impact of the 2020 SolarWinds cyberattack.

The SEC charged Unisys Corp., Avaya Holdings, Check Point Software, and Mimecast for providing misleading disclosures about their exposure to the SolarWinds hack.
Unisys received the largest fine of $4 million for failing to implement proper disclosure controls and describing cybersecurity risks as hypothetical.
Avaya was fined $1 million for claiming limited email access by hackers, while the SEC found at least 145 files were accessed.
Check Point minimized the breach impact using vague descriptions, resulting in a $995,000 penalty.
Mimecast underreported the extent of the attack, not disclosing the type of stolen code and number of compromised credentials, leading to a $990,000 fine.