Security News > 2023 > November > SEC Charges SolarWinds and CISO With Fraud Related to 2020 Cyberattack
The Securities and Exchange Commission brought charges against both Austin, TX-based information security software company SolarWinds and its CISO Timothy G. Brown on October 30.
The SEC alleges that between SolarWinds' October 2018 initial public offering and the December 2020 announcement of the large-scale cyberattack, SolarWinds and Brown specifically " defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.
The SEC alleges that SolarWinds didn't disclose the full extent of the Sunburst cybersecurity incident on Dec. 14, 2020.
SolarWinds had filed a Form 8-K on that date; that is the form the SEC requires organizations to fill out in order to formally notify investors in the event of a significant event.
"As a result of these lapses, the company allegedly also could not provide reasonable assurances that its most valuable assets, including its flagship Orion product, were adequately protected" despite SolarWinds continuing to reassure its customers that their data was safe, the SEC said.
"We are disappointed by the SEC's unfounded charges related to a Russian cyberattack on an American company and are deeply concerned this action will put our national security at risk," SolarWinds said in a public statement emailed to TechRepublic.
News URL
https://www.techrepublic.com/article/sec-solarwinds-charge-fraud/
Related news
- Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures (source)
- SEC charges tech companies for downplaying SolarWinds breaches (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- SEC fines tech companies for misleading SolarWinds disclosures (source)