SEC charges SolarWinds and company executive with fraud after massive cybersecurity breach
By Bill Peters
SEC alleges SolarWinds 'ignored repeated red flags' about cybersecurity risks; company calls allegations 'unfounded'
The Securities and Exchange Commission on Monday charged software provider SolarWinds Corp. and its chief information-security officer with fraud and the failure to fully disclose cybersecurity weaknesses, following a historic cyberattack disclosed in 2020 that was purportedly backed by Russia.
SolarWinds (SWI), in a statement, called the allegations "unfounded" and accused the SEC of "overreach." Shares of the company were down 0.2% in after-hours trade on Monday.
The SEC on Monday alleged that from at least SolarWinds' October 2018 IPO through its December 2020 announcement that it had been targeted in the breach, the company and its chief information security officer, Timothy Brown, "defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks."
The SEC's complaint alleged that despite warnings from employees, Brown "failed to resolve the issues or, at times, sufficiently raise them further within the company." The agency is seeking civil penalties and an officer and director bar against Brown.
SolarWinds (SWI) is based in Austin, Texas, and develops IT management software for businesses and governments. The attack, which exploited a software update, was one of the biggest ever, compromising scores of customers as well as government agencies and big companies like Microsoft Corp. (MSFT).
Gurbir Grewal, director of the SEC's enforcement division, alleged in a statement that "for years, SolarWinds and Brown ignored repeated red flags about SolarWinds' cyber risks, which were well known throughout the company and led one of Brown's subordinates to conclude: 'We're so far from being a security minded company.'"
A SolarWinds spokesperson accused the SEC of manufacturing claims against the company and Brown.
"We are disappointed by the SEC's unfounded charges related to a Russian cyberattack on an American company and are deeply concerned this action will put our national security at risk," the spokesperson said in a statement.
"The SEC's determination to manufacture a claim against us and our CISO is another example of the agency's overreach and should alarm all public companies and committed cybersecurity professionals across the country," the representative continued.
The SEC, in its complaint, alleged that SolarWinds' public statements ran contrary to the company's own internal diagnosis of its cybersecurity practices.
The agency said that a 2018 company presentation, shared with Brown, called SolarWinds' remote access set-up "not very secure." The presentation added that someone taking advantage of the vulnerability "can basically do whatever without us detecting it until it's too late," potentially causing "major reputation and financial loss."
Other presentations by Brown, during 2018 and 2019, allegedly stated that the "current state of security leaves us in a very vulnerable state for our critical assets," according to the SEC's complaint. The complaint also said that through 2019 and 2020, "multiple communications" among employees, including Brown, questioned SolarWinds' cybersecurity defenses.
Alec Koch, a lawyer representing Brown, said the executive had performed his duties at the company with "diligence, integrity, and distinction."
"Mr. Brown has worked tirelessly and responsibly to continuously improve the company's cybersecurity posture throughout his time at SolarWinds, and we look forward to defending his reputation and correcting the inaccuracies in the SEC's complaint," Koch said in a statement.
Shares of SolarWinds are down 1.2% so far this year.
-Bill Peters
This content was created by MarketWatch, which is operated by Dow Jones & Co. MarketWatch is published independently from Dow Jones Newswires and The Wall Street Journal.
(END) Dow Jones Newswires
10-30-23 1845ET
Copyright (c) 2023 Dow Jones & Company, Inc.