SolarWinds Settles SEC Lawsuit Over 2020 Cyberattack
SolarWinds, the Texas-based software company, has reached a settlement with the U.S. Securities and Exchange Commission (SEC) over charges related to the massive 2020 cybersecurity incident linked to Russia. The company and its chief information security officer, Timothy G. Brown, were accused of investor fraud and concealing known cybersecurity vulnerabilities.
The SEC filed the lawsuit in October 2023, alleging that SolarWinds violated securities laws by failing to disclose significant cybersecurity vulnerabilities and events between October 2018 and December 2020. The company's software was exploited in the SolarWinds cybersecurity attack, which affected thousands of companies and government offices worldwide. Microsoft described the attack as the 'largest and most sophisticated' ever seen.
The parties have agreed to a settlement in principle and are currently finalizing the paperwork. A stay in the case has been granted by District Court Judge Paul A. Engelmayer in the South District of New York. The settlement details are expected to be submitted by September 12, or a status update will be provided to the court.
The settlement between SolarWinds, Timothy G. Brown, and the SEC is expected to bring closure to the federal lawsuit. The terms of the settlement, including any penalties or fines, have not yet been made public. This marks a significant development in the ongoing efforts to address the fallout from the SolarWinds cybersecurity incident.
