SEC files lawsuit against SolarWinds

Following the publication of the report, a representative for SolarWinds gave out the following statement:

SolarWinds is accused by the U.S. Securities and Exchange Commission (SEC) of deceiving investors by ostensibly hiding cybersecurity protection concerns prior to a December 2020 incident connected to APT29, the hacking section of the Russian Foreign Intelligence Service (SVR).

Three years ago, this threat organization was behind the SolarWinds supply-chain hack that resulted in the compromise of many federal agencies in the United States.

The SEC alleges that SolarWinds neglected to alert investors about cybersecurity threats and subpar procedures that its Chief Information Security Officer, Timothy G. Brown, who is also being sued by regulatory bodies, was aware of. Rather, the business is said to have simply provided investors with general and hypothetical risks.

Gurbir S. Grewal, the head of the SEC’s Division of Enforcement, said, “We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds’ cyber risks, which were well known throughout the company and led one of Brown’s subordinates to conclude: ‘We’re so far from being a security minded company.'”

“Rather than address these vulnerabilities, SolarWinds and Brown engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

Our profound concerns are that the SEC’s baseless accusations regarding a Russian cyberattack on an American corporation would jeopardize our national security. We are disappointed by this. The SEC’s resolve to fabricate a case against us and our chief information security officer is an additional illustration of the agency’s excessive reach and ought to worry all publicly traded corporations and dedicated cybersecurity experts nationwide. We’re eager to present the facts in court and keep up our Secure by Design pledge to help our clients.