Dom DiFurio reports:
In October, four companies collectively paid nearly $7 million as part of a settlement with the Securities and Exchange Commission for allegedly failing to properly inform investors of a cyberbreach affecting their companies, a liability American businesses have not previously faced.
The companies were compromised in a cyberattack targeting their IT software provider in 2019. The attackers could insert a backdoor into a software update, circumventing existing security measures like encryption and authentication. The update was pushed out to potentially tens of thousands of customers, giving the attackers access to information held by those customers, which included government agencies.
Read more at Omaha.com.