AUSTIN, Texas — An Austin-based software company is facing federal charges from the U.S. Securities and Exchange Commission (SEC).
The SEC claims that SolarWinds and its Chief Information Security Officer Timothy G. Brown misled its investors about its vulnerabilities. The charges stem from the "SUNBURST" cyberattack, which lasted nearly two years.
Russian hackers targeted SolarWinds in October 2018 during an initial public offering, which affected software that's used by customers, including some government agencies. The lawsuit also claims that SolarWinds employees, including Brown, questioned the company's ability to protect its critical assets from a cyberattack throughout 2019 and 2020 but failed to resolve any of the issues.
According to the lawsuit, SolarWinds only disclosed generic and hypothetical risks, even though Brown allegedly knew specific deficiencies in the company's cybersecurity practices. In response to the lawsuit, a SolarWinds spokesperson denied the SEC's claims.
Here's the full statement KVUE received from SolarWinds:
“We are disappointed by the SEC’s unfounded charges related to a Russian cyberattack on an American company and are deeply concerned this action will put our national security at risk. The SEC’s determination to manufacture a claim against us and our CISO is another example of the agency’s overreach and should alarm all public companies and committed cybersecurity professionals across the country. We look forward to clarifying the truth in court and continuing to support our customers through our Secure by Design commitments."