The SEC fined Flagstar Financial $3.55 million for misleading disclosures about a 2021 data breach, emphasizing the importance of truthful incident reporting. This ruling, along with penalties against IT companies for SolarWinds-related breaches, underscores the SEC’s scrutiny of cybersecurity disclosures. Companies, regardless of jurisdiction, should prioritize transparent and mature processes for incident reporting to protect stakeholders and avoid regulatory consequences.