SEC probes tech and telecom firms on response to SolarWinds cyberattack

The U.S. Securities and Exchange Commission is asking technology and telecom companies how they handled the SolarWinds cyber attack in 2020, Bloomberg News reported on Tuesday, citing people familiar with the matter.

The hack of information technology company SolarWinds, one of the broadest and most sophisticated cyber attacks in the United States, was identified in December 2020 and gave away access to thousands of companies and government offices that used its products.

Hackers were able to use the company’s flagship network management software called Orion as a springboard into U.S. government networks and international targets.

The regulator has asked for internal communications of affected companies about the cyber attack’s impact, probing for gaps in corporate security and for other cyber incidents, the report said, citing people familiar with the matter who did not identify the companies.

The SEC did not immediately respond to a Reuters request for comment on the report.

Last year, the SEC sued the software company and its top information security executive, saying they defrauded investors by hiding cybersecurity weaknesses during the massive hack. Reuters