Amerikansk advokatfirma skriver i notat om det amerikanske finanstilsyns bødestraf til fire selskaber for ikke at overholde oplysningskrav om cybersecurity: ”On October 22, 2024, the U.S. Securities and Exchange Commission (the “SEC”) announced settled charges in separate actions against four technology companies— Avaya Holdings Corp. (“Avaya”), Check Point Software Technologies Ltd. (“Check Point”), Mimecast Limited (“Mimecast”), and Unisys Corp. (“Unisys”)—each of which was a downstream victim of the unprecedented 2020 cyber-attack in which threat actors believed to be state-sponsored hackers in Russia inserted malware called SUNBURST (the “SUNBURST malware”) into a SolarWinds software update (the “SUNBURST attack”). According to the SEC’s Orders (the “Orders”), all four companies had, unknowingly installed the SUNBURST malware prior to the public announcement of the SUNBURST attack in 2020, and all four were ultimately compromised by the perpetrators of that attack. The SEC alleged that each company made materially misleading cybersecurity-related statements or omissions related to these events.”
Morten W. Langer
