The commission sent letters to a number of companies demanding to voluntarily admit that they were victims of a cyber attack and did not report it.
The US Securities and Exchange Commission (SEC) opened an investigation into security incidents related to the SolarWinds hack last December, focusing on whether some companies had hidden information that they were also affected by the hack. This was reported to the Reuters news agency by two knowledgeable sources who wished to remain anonymous.
At the end of last week, the SEC sent letters to a number of public issuers and investment firms demanding to voluntarily admit that they were victims of a cyber attack and did not report it. In addition, the commission asked for information about whether the public companies that became victims of the SolarWinds hack faced internal control violations and leaked information about insider trading.
The SEC also examines the policies of some companies to determine if they are aimed at protecting customer information.
If issuers and investment firms respond to letters from the commission and provide details of the breaches, they will not be subject to enforcement actions related to past shortcomings, including failures of internal accounting controls.
While the emails focus on the SolarWinds hack, the SEC could develop future policies regarding the impact of cybersecurity concerns on markets and investors, people familiar with the matter said.
Catch up on more articles here
Follow us on Twitter here