SEC Sues Software Company SolarWinds and CISO for Ignoring Cybersecurity Risks Prior to Massive Russian Hack

SEC accuses SolarWinds and CISO Tim Brown of deceiving investors about the firm's weak cybersecurity practices, ignoring red flags that led to a major Russian cyberattack in 2020 which breached several government agencies and private corporations.

The U.S. Securities and Exchange Commission (SEC) has filed a lawsuit against SolarWinds and its Chief Information Security Officer (CISO), Tim Brown, for their alleged failure to disclose significant cybersecurity risks and concerns to investors.
SEC asserts that SolarWinds and Brown ignored numerous warnings about the company's cybersecurity risks that were apparent within the company, thus providing misleading picture about the company’s cybersecurity practices.
The lawsuit underlines the fact that Brown internally acknowledged the weak security posture of SolarWinds in several presentations made to the company, stating that their 'current state of security leaves us in a very vulnerable state'.
SolarWinds' software was breached in a massive Russian cyberespionage campaign in 2020, compromising multiple U.S. government agencies, private companies, and think tanks.
SolarWinds and Brown have strongly refuted the SEC's allegations, arguing that the lawsuit represents the agency's overreach and intends to vigorously defend the company and its practices in court.