Article 6G0Y7 SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack

SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack

by
Jon Brodkin
from Ars Technica - All content on (#6G0Y7)
getty-lock-smashed-screen-800x614.jpg

Enlarge (credit: Getty Images | Sean Gladwell)

The US Securities and Exchange Commission sued SolarWinds Corp. and Chief Information Security Officer Timothy Brown yesterday, alleging that they concealed security failures that led to a nearly two-yearlong cyberattack known as "Sunburst." The attack, reportedly carried out by Russian hackers, inserted malicious code into SolarWinds network-management software used by thousands of customers, including US government agencies and private companies.

From the time of its initial public offering in October 2018 until January 2021, SolarWinds and Brown "defrauded SolarWinds' investors and customers through misstatements, omissions, and schemes that concealed both the Company's poor cybersecurity practices and its heightened-and increasing-cybersecurity risks," the SEC lawsuit said. "SolarWinds' public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the Company's cybersecurity policy violations, vulnerabilities, and cyberattack."

The SEC sued the company and Brown in US District Court for the Southern District of New York. The SEC is seeking disgorgement of "ill-gotten gains," civil monetary penalties, and a permanent ban on Brown from acting as an officer or director for any company that issues securities.

Read 11 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments