Reuters reported today that the SEC is investigating last year’s hack of SolarWinds, focusing on whether SEC registrants failed to disclose that they had been impacted by the cyber breach.[1]   According to the article, the SEC sent voluntary requests for information to “a number of public issuers and investment firms…”  The SEC is reportedly investigating whether SolarWinds customers had been victims of the hack and failed to adequately disclose that fact.

As is customary in these investigations, the SEC is reportedly inquiring whether such hacking victims had suffered from internal-controls deficiencies.  The SEC is also looking for unusual or opportunistic trading patterns suggestive of potential insider trading.  And of course the SEC is inquiring into potential violations of Reg SP to determine whether the companies have policies designed to protect customer information and data privacy.

If the hacking victims respond to the SEC by disclosing information about the breaches, they could avoid facing enforcement action “relating to historical failures,” according to the article.


[1] The article can be accessed at: U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources | Reuters