←back to thread

SEC charges four companies with misleading cyber disclosures

(www.sec.gov)

81 points impish9208 | 3 comments | 22 Oct 24 16:56 UTC | HN request time: 0.001s | source

Show context

MattSteelblade ◴[22 Oct 24 18:14 UTC] No.41917058[source]▶

>>41916246 (OP) #

> Unisys will pay a $4 million civil penalty;

> Avaya. will pay a $1 million civil penalty;

> Check Point will pay a $995,000 civil penalty; and

> Mimecast will pay a $990,000 civil penalty.

With the exception of Mimecast, these are companies that are bringing in billions of dollars in revenue annually. How is this supposed to deter them?

replies(7): >>41917158 #>>41917164 #>>41917717 #>>41917985 #>>41918127 #>>41918370 #>>41918473 #

1. 0xffff2 ◴[22 Oct 24 18:24 UTC] No.41917158[source]▶

They pay the penalty and they are expected fix the issue. If they don't, there will be additional enforcement actions.

replies(1): >>41917329 #

2. Mistletoe ◴[22 Oct 24 18:40 UTC] No.41917329[source]▶

>>41917158 (TP) #

Doing anything at all probably costs more than $1M.

replies(1): >>41917823 #

3. alephnerd ◴[22 Oct 24 19:30 UTC] No.41917823[source]▶

Not that much more.

Furthermore, security vendors like Avaya and Unisys could arguably be in breach of contract with customers because it could be argued that they misrepresented their internal security protocols to customers.