Security News > 2022 > November > SolarWinds reaches $26m settlement with shareholders, expects SEC action

SolarWinds has agreed to pay $26 million to settle a shareholder lawsuit, and it's also expecting to be slapped with an enforcement action by Uncle Sam - both related to its infamous 2020 supply chain security fiasco, according to the software maker's most recent US regulatory filing.

At the end of October, SolarWinds reached a deal with investors who sued the company, alleging they were misled about its security posture in advance of the Russian cyberattack on the business, according to an 8-K filing [PDF] with the US Securities and Exchange Commission.

The settlement, which still must be approved by a judge, would require SolarWinds to pay out $26 million in claims, as well as shareholders' legal fees and the costs of administering the settlement.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break SEC still digging into SolarWinds fallout, nudges undeclared victims US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack White House to tech world: Promise you'll write secure code - or Feds won't use it.

In addition to reaching a settlement agreement on October 28, SolarWinds also said it also received a Wells notice - this is a letter from the SEC alerting the recipient that the financial watchdog may bring enforcement action against the company or an individual - on the same day.

"The Wells Notice states that the SEC staff has made a preliminary determination to recommend that the SEC file an enforcement action against the company alleging violations of certain provisions of the US federal securities laws with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures," SolarWinds said in an 8-K filing.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/04/solarwinds_settlement_sec_enforcement/