The agency said Unisys, Avaya Holdings, Check Point Software Technologies and Mimecast provided misleading disclosures about the incidents, leaving investors in the dark about their “true scope.”