SEC Charges SolarWinds And Chief Information Security Officer With Fraud And Cybersecurity Failures

(RTTNews) - The U.S.Securities and Exchange Commission on Monday sued SolarWinds Corp. (SWI), alleging that the software company misled investors about its cybersecurity practices and known risks.

The SEC's complaint alleged that, from at least its October 2018 initial public offering through at least its December 2020 announcement that it was the target of a massive, nearly two-year long cyberattack, dubbed "SUNBURST," SolarWinds and the company's chief information security officer, Timothy Brown, defrauded investors by overstating the company's cybersecurity practices and understating or failing to disclose known risks.

In its filings with the SEC during this period, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds' cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.

The complaint seeks permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and an officer and director bar against Brown.