Wide-Ranging SolarWinds Probe Sparks Fear in Corporate America (reuters.com)
A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, Reuters reported Friday, citing six people familiar with the inquiry. From the report: The SEC is asking companies to turn over records into "any other" data breach or ransomware attack since October 2019 if they downloaded a bugged network-management software update from SolarWinds, which delivers products used across corporate America, according to details of the letters shared with Reuters. People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose.
"I've never seen anything like this," said a consultant who works with dozens of publicly traded companies that recently received the request. "What companies are concerned about is they don't know how the SEC will use this information. And most companies have had unreported breaches since then." The consultant spoke on condition of anonymity to discuss his experience. The requests are voluntary, and companies are obliged to disclose anything material to investors. But the fact the inquiries come from the SEC's enforcement staff could raise the prospect of investigations and steep penalties if companies fail to disclose breaches or did not have the appropriate controls in place to deal with past attacks, four attorneys who regularly handle SEC cases said. Further reading: What it was like inside Microsoft during the worst cyberattack in history.
Good (Score:5, Insightful)
If the companies are shown to have been hiding material information from investors, then they deserve penalties.
Re:Good (Score:4, Funny)
You mean Wall Street doesn't reward bad behavior?
Re:Good (Score:4, Insightful)
Re: (Score:3)
Re: (Score:3)
The fact that SolarWinds should have never been purchased will never be a factor here. Not joking by the way - a management system which allows deployment of unsigned updates and turning off verification signatures is not a security measure. It is a security backdoor the size of the Arc de Triomphe.
They will all blame the "supplier" and the fact that none of them did elementary due diligence will not be anywhere in the SEC discussion and following releases.
Re: (Score:1)
It will be healthy for the environment.... (Score:2)
Re: (Score:2)
Didn't you hear? Clouds have a silver lining. It's called open-source and its 1,000 eyes are on the job.
Silver Cloud (Score:2)
Back in the day, every Silver Cloud had a leather lining.
Re: (Score:2)
rossdee deadpanned:
>Back in the day, every Silver Cloud had a leather lining.
Nice "inside" joke! Me like the way you Rolls ...
Re: (Score:2)
What does U2's lead guitarist [wikipedia.org] have to do with information security?
Does not compute (Score:2)
>The requests are voluntary, and companies are obliged
They use the word voluntary in a way that doesn't seem compatible with being obliged.
Re: (Score:2)
No, they use "obliged" in a way that makes it clear what they mean by "voluntary."
*sshhhhhinnng* *shhhhINNGGG!* (Score:5, Informative)
That's the sound of the whetstone on the blade of the axe.
And to me, it's beautiful music.
I hope heads roll. I hope the stock market plummets and smashes a hole into the ground so deep, that downtown Manhattan gives up, sticks a few ladders in the hole, and calls it a swimming pool. I hope the proverbial blood of millions flows into that hole and shatters the souls of millions.
Because Wall Street has been living a lie since the Office of the Comptroller of Currency started watering down Glass-Steagall in the 60s, and they started raping the world with that lie using the shiny bronze balls of the Charging Bull on November 12, 1999, when Clinton signed the Gramm–Leach–Bliley Act.
No more.
No more "too big to fail".
No more lies.
The economy is sick because it's full of pus. And the only way forward is to lance the abscess and drain the pus.
Re: (Score:3)
I agree with you but it won't. Even Equifax, which had the worst security you can imagine, ended up with a lower stock price for a while but they have recovered. Now it's like it never happened (except they are still insecure and have programmers who don't know what they are doing).
Re: (Score:3)
>Even Equifax
The only thing that will get heads to roll is if the mistake results in a material financial impact to the company AND the officers knew or should have known and failed to disclose these facts to the shareholders.
In your example (Equifax) the settlement was for a pittance. Free credit checks for everyone. And maybe reimbursement of costs and losses if they can be proven* to be due to the data breach. Equifax came out of that deal smelling like a rose. No doubt in part to the role they play in assisting gove
Re: (Score:1)
I seem to recall something called Wikileaks. How'd that work out for the liberty and openness of the world?
How do you imagine Russian and Chinese blackmail operations deciding which American corporate executives are exposed and which stay in gravy would work out for the US economy?
maybe sneaky tricksters? (Score:2)
Basically Russia and China. (Score:1, Flamebait)
People in a free society have this mistaken belief that authoritarian states run on outright violence, but their bread-and-butter tactics are extortion and blackmai
Corporate Liability? Really? (Score:4, Insightful)
Corporate liability for irresponsible or even criminal behaviour is non-existent in the United States, and almost non-existent elsewhere.
Oh I didn't read this properly (Score:1)
Same AS It Ever Was (Score:2)
Corporate America is not concerned about vulnerability, only liability.