United States SEC Fines 4 Companies $6.9 Million for Misleading Material Disclosures on Cybersecurity Risks & Intrusions, 4 Companies Fined are Unisys, Avaya Holdings, Check Point Software Technologies & Mimecast
24th October 2024 | Hong Kong
The United States Securities and Exchange Commission (SEC) has fined 4 companies $6.9 million for misleading material disclosures on cybersecurity risks & intrusions. The 4 companies fined are Unisys, Avaya Holdings, Check Point Software Technologies & Mimecast. United States SEC (24/10/24): “The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also charged Unisys with disclosure controls and procedures violations. The companies agreed to pay the following civil penalties to settle the SEC’s charges: Unisys will pay a $4 million civil penalty; Avaya. will pay a $1 million civil penalty; Check Point will pay a $995,000 civil penalty; andMimecast will pay a $990,000 civil penalty. The charges against the four companies result from an investigation involving public companies potentially impacted by the compromise of SolarWinds’ Orion software and by other related activity … … According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures. The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. The order also finds that these materially misleading disclosures resulted in part from Unisys’ deficient disclosure controls. The SEC’s order against Avaya finds that it stated that the threat actor had accessed a “limited number of [the] Company’s email messages,” when Avaya knew the threat actor had also accessed at least 145 files in its cloud file sharing environment. The SEC’s order against Check Point finds that it knew of the intrusion but described cyber intrusions and risks from them in generic terms. The order charging Mimecast finds that the company minimized the attack by failing to disclose the nature of the code the threat actor exfiltrated and the quantity of encrypted credentials the threat actor accessed … … The SEC’s orders find that each company violated certain applicable provisions of the Securities Act of 1933, the Securities Exchange Act of 1934, and related rules thereunder. Without admitting or denying the SEC’s findings, each company agreed to cease and desist from future violations of the charged provisions and to pay the penalties described above. Each company cooperated during the investigation, including by voluntarily providing analyses or presentations that helped expedite the staff’s investigation and by voluntarily taking steps to enhance its cybersecurity controls.”
“ United States SEC Fines 4 Companies $6.9 Million for Misleading Material Disclosures on Cybersecurity Risks & Intrusions, 4 Companies Fined are Unisys, Avaya Holdings, Check Point Software Technologies & Mimecast “
United States SEC Fines 4 Companies $6.9 Million for Misleading Material Disclosures on Cybersecurity Risks & Intrusions, 4 Companies Fined are Unisys, Avaya Holdings, Check Point Software Technologies & Mimecast
Sign Up / Register
Caproasia Users
- Manage $20 million to $3 billion of assets
- Invest $3 million to $300 million
- Advise institutions, billionaires, UHNWs & HNWs
Caproasia Platforms | 11,000 Investors & Advisors
- Caproasia.com
- Caproasia Access
- Caproasia Events
- The Financial Centre | Find Services
- Membership
- Family Office Circle
- Professional Investor Circle
- Investor Relations Network
Monthly Roundtable & Networking
Family Office Programs
The 2025 Investment Day
- March - Hong Kong
- March - Singapore
- July - Hong Kong
- July - Singapore
- Sept- Hong Kong
- Sept - Singapore
- Oct- Hong Kong
- Nov - Singapore
- Visit: The Investment Day | Register: Click here
Caproasia Summits
- The Institutional Investor Summit
- The Investment / Alternatives Summit
- The Private Wealth Summit
- The Family Office Summit
- The CEO & Entrepreneur Summit
- The Capital Markets Summit
- The ESG / Sustainable Investment Summit