NEWS

The U.S. Securities and Exchange Commission (SEC) is delving into the response of technology and telecommunications firms to the SolarWinds cyberattack of 2020, which compromised thousands of entities, including government offices.

SolarWinds, an IT company, experienced a significant breach where hackers infiltrated its flagship network management software, Orion, granting access to various networks, including those of the U.S. government and international targets.

This breach was deemed one of the most extensive and sophisticated cyber attacks in the nation’s history.

In light of these events, the SEC is actively seeking information from affected companies regarding their handling of the cyberattack. They are particularly interested in internal communications regarding the impact of the breach and any gaps in corporate cybersecurity measures. Additionally, the SEC is investigating other cyber incidents within these companies. The report does not disclose the names of the companies under scrutiny.

Notably, the SEC’s scrutiny isn’t new, as they previously filed a lawsuit against SolarWinds and its top information security executive. The lawsuit alleges that the company and its executive misrepresented the cybersecurity posture of the firm, thus deceiving investors amidst the massive hack. This legal action underscores the seriousness with which regulatory bodies are approaching cybersecurity breaches and the accountability they seek from companies in protecting sensitive data and systems.

The inquiries are ongoing and may represent part of broader efforts by regulatory agencies to enhance oversight and regulation surrounding cybersecurity practices within the tech and telecom sectors. As cyber threats continue to evolve and proliferate, regulatory bodies are likely to intensify their scrutiny and enforcement measures to safeguard investors and the integrity of financial markets.