SolarWinds under SEC probe for handling of 2020 cyberattack
SolarWinds revealed the Securities and Exchange Commission (SEC) is examining cybersecurity disclosures and public statements the company and its executives made after its massive 2020 data breach caused by hackers backed by the Russian government.
SolarWinds disclosed Thursday in a Form 8-K the SEC sent it a Wells Notice informing the company the agency intends to file an enforcement action “alleging violations of certain provisions of the U.S. federal securities laws with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.” There was no additional information available about what the alleged violations were.
In the same disclosure, SolarWinds disclosed it entered into a binding settlement term sheet with class-action litigants to offer $26 million to settle a lawsuit related to harms caused to SolarWinds customers because of the breach. The settlement would “fund claims submitted by class members, the legal fees of plaintiffs’ counsel, and the costs of administering the settlement.”