SEC Alleges SolarWinds Misrepresented Cybersecurity Vulnerabilities Prior to Breach
On Monday, the Securities and Exchange Commission accused SolarWinds Corp. of deceiving investors by downplaying security risks before a software hack that had widespread effects on computer systems in the US government and corporate America.
The SEC also accused SolarWinds’ chief information security officer, Tim Brown, of violating securities rules in a lawsuit filed in Manhattan federal court. The action is the first time a regulator has sued a chief information security officer over a cybersecurity issue.
The SolarWinds hack was one of the worst cyber breaches in history, affecting hundreds of public companies and numerous government agencies. The motives for the breach are still unclear. The United States accused Russia and sanctioned dozens of entities and officials for hacking. Russia has denied its involvement.
The attackers installed malicious code in updates to popular SolarWinds software widely used by government and businesses. The SEC claimed that SolarWinds and Brown were warned about weak cybersecurity within the company, but they painted a much rosier picture for investors.
Texas-based SolarWinds is exploring options, including a potential sale, people familiar with the matter said last week.