U.S. regulators have filed a lawsuit against SolarWinds, a Texas-based technology company, for alleged fraud and failing to disclose security deficiencies that led to a massive Russian cyberespionage campaign in 2020. The Securities and Exchange Commission (SEC) is seeking civil penalties, reimbursement of ill-gotten gains, and the removal of the company’s top security executive. The breach, which was detected in December 2020, affected U.S. government agencies and numerous private companies. The SEC complaint accuses SolarWinds of concealing poor cybersecurity practices and increasing cybersecurity risks. SolarWinds denies the charges and expresses concern about the impact on national security.
The SEC’s complaint also names Tim Brown, SolarWinds’ then vice president of security, alleging that he defrauded investors and customers by misrepresenting the company’s cybersecurity practices and risks. SolarWinds claims that Brown performed his responsibilities with integrity and looks forward to defending his reputation. SolarWinds’ network management software is used by hundreds of thousands of organizations worldwide, including Fortune 500 companies and government agencies.
The Russian cyberespionage campaign involved infecting thousands of SolarWinds customers through malware embedded in the company’s software updates. This allowed the hackers to infiltrate select targets, including multiple U.S. government agencies. The SEC’s action against SolarWinds is part of a broader effort by the Biden administration to hold publicly traded companies accountable for cybersecurity lapses and failure to disclose vulnerabilities. Under new SEC rules, companies must disclose cybersecurity breaches within four days, with allowances for national security risks.
The SolarWinds hack compromised the email accounts of several victims, including the New York federal prosecutors’ office and the cybersecurity staff at the Department of Homeland Security. SolarWinds argues that the SEC’s action could discourage qualified individuals from pursuing cybersecurity positions and potentially put national security at risk. The company continues to deny the SEC’s allegations and claims that the agency is overreaching.
Focus Keyword: SolarWinds
