SEC Charges SolarWinds and Its CISO With Fraud, Internal Control Failures

Clop gained access to 632,000 DoD and DoJ employees' data in MOVEit hacks, Canada bans WeChat and Kaspersky antivirus, Apple warns Indian opposition lawmakers of state-sponsored attack, much more

Image by Sergei Tokmakov, Esq. https://Terms.Law from Pixabay

The Securities and Exchange Commission (SEC) sued business software company SolarWinds for failing to publicly disclose alleged cybersecurity failures that led to one of history’s most significant computer breaches.

In a complaint filed in the Southern District of New York, the SEC contends that SolarWinds and the company’s chief information security officer, Tim Brown, repeatedly violated the antifraud disclosure and internal controls provisions of federal securities law by not disclosing vulnerabilities that the company knew could lead to a hack.

Later, SolarWinds suffered a breach of its network monitoring software, Orion, that allowed hackers suspected to be connected to the Russian government to infiltrate thousands of customer organizations, including nine federal agencies. The …