The U.S. Securities and Exchange Commission (SEC) has announced charges against SolarWinds and Timothy G. Brown, the company’s CISO, following the hacking incident in which malicious code infiltrated the company’s software and subsequently affected its customers’ organizations.
According to the SEC, the company’s engineers warned Brown about the insecure network infrastructure, which allowed unauthorized access and made it difficult to detect whether malicious actors had breached it. Despite receiving reports, Brown failed to take action or notify internal stakeholders for remediation.
The charges filed by the SEC include allegations of misleading disclosures in SolarWinds’ stock offering, which claimed a higher level of internal security measures than the company actually practiced, as well as Brown’s negligence in safeguarding the company’s crucial assets and his failure to disclose the resulting risks to shareholders.
TLDR: The U.S. SEC has charged SolarWinds and its CISO, Timothy G. Brown, for their negligence in addressing cybersecurity vulnerabilities and failing to disclose risks to shareholders following a major hacking incident involving the company’s software.