All of the companies were alleged by the SEC to have downplayed the intrusion, with Unisys discovered by a federal investigation to have regarded the attack's risk as "hypothetical" despite awareness of massive data theft and Avaya disclosing only limited email message access despite knowledge of more extensive compromise.
Organizations would be barred from conducting direct sales of personal information to entities that are at least 50% owned by or located in a country of concern, contractors' foreign employees, and foreign individuals in a country of concern.
Included in the finalized CMMC 2.0 rule are required third-party or Defense Industrial Base Cybersecurity Assessment Center compliance evaluations of contractors dealing with sensitive data although contractors with less sensitive information would be permitted to undergo self-assessments.
Fraudulent crypto token trades have allegedly been conducted by the indicted firms and individuals to lure more investors, according to the Justice Department, which noted the sequestration of over $25 million worth of cryptocurrency and several wash trading bots as part of the operation.
