- Check Point Software Technologies said it has cooperated with a Securities and Exchange Commission inquiry related to the SolarWinds Orion cyber vulnerability, according to a Dec. 5 filing with the SEC.
- Check Point voluntarily provided documents and other information, advising the agency of its access to the software. The company had access to a limited testing environment, but did not have any access to sensitive data, customer information, code or any other company assets, according to the filing.
- The company is in settlement talks with the SEC about whether this should have been disclosed in an annual report. Any payment it may need to make under an agreement is not expected to have a material impact, the company said.
The SEC has been investigating SolarWinds in connection with disclosures it made regarding the 2020 nation-state supply chain attack.
The agency in October filed civil charges against the company and its CISO Timothy Brown — who was a VP of security in 2020 — alleging they misled investors about the company’s security capabilities.
SolarWinds officials have vehemently denied the allegations, claiming the entire investigation was improper, citing years of cooperation with federal authorities on working to improve the nation’s cyber infrastructure and secure development practices.
The SEC previously sent a Wells Notice to SolarWinds in connection with an investigation of Brown as well as the company’s CFO, though the CFO was not charged.
The SEC has requested companies to voluntarily provide information in connection with the SolarWinds investigation. The questions relate to failures to disclose information to investors.
Asked specifically about the other requests, a spokesperson for the SEC said the agency does not comment on the existence or non-existence of investigations.
Check Point said any payment to the SEC would not have a material impact on its financial results, operations or overall financial condition.
A spokesperson for Check Point declined to elaborate on the disclosures, but emphasized the talks may or may not result in a settlement.
The company also cautioned there is no guarantee the negotiations will be settled under the current terms being discussed. Any settlement with the SEC would be subject to approval by the agency’s commissioners, according to the filing.
It is not immediately known whether the SEC contacted other security companies.