SEC Sues SolarWinds for Fraud and Negligence in Cyberattack Fallout
The Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds, alleging that the company committed fraud and failed to maintain adequate internal controls prior to the massive cyberattack it suffered in 2019. The SEC also named SolarWinds' chief information security officer, Tim Brown, in the lawsuit, claiming that the company overstated its cybersecurity practices and understated known vulnerabilities. The attack, attributed to a Russian-backed hacking group, compromised SolarWinds' Orion software, which was widely used by government agencies. The SEC alleges that SolarWinds misled investors about its cybersecurity compliance and failed to disclose the extent of the vulnerabilities exploited by the hackers. SolarWinds has stated that it believes the SEC's enforcement action is misguided and improper and will contest the charges in court.