SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

Posted on By CWS

Nov 21, 2025Ravie LakshmananCompliance / Cyber Assault
The U.S. Securities and Alternate Fee (SEC) has deserted its lawsuit towards SolarWinds and its chief data safety officer, alleging that the corporate had misled traders in regards to the safety practices that led to the 2020 provide chain assault.
In a joint movement filed November 20, 2025, the SEC, together with SolarWinds and its CISO Timothy G. Brown, requested the courtroom to voluntarily dismiss the case.
The SEC mentioned its choice to hunt dismissal “doesn’t essentially replicate the Fee’s place on every other case.”
SolarWinds and Brown have been accused by the SEC in October 2023 of “fraud and inner management failures” and that the corporate defrauded traders by overstating its cybersecurity practices and understating or failing to reveal recognized dangers.

The company additionally mentioned each SolarWinds and Brown ignored “repeated pink flags” and did not adequately defend its property, in the end resulting in the availability chain compromise that got here to gentle in late 2020. The assault was attributed to a Russian state-sponsored risk actor referred to as APT29.
“Brown was conscious of SolarWinds’ cybersecurity dangers and vulnerabilities however did not resolve the problems or, at instances, sufficiently elevate them additional throughout the firm,” the SEC alleged on the time.
Nevertheless, in July 2024, many of those allegations have been thrown out by the U.S. District Courtroom for the Southern District of New York (SDNY), stating “these don’t plausibly plead actionable deficiencies within the firm’s reporting of the cybersecurity hack” and that they “impermissibly depend on hindsight and hypothesis.”
Subsequently, the SEC additionally charged Avaya, Examine Level, Mimecast, and Unisys for making “materially deceptive disclosures” associated to the large-scale cyber assault that stemmed from the SolarWinds hack.
In an announcement, SolarWinds CEO Sudhakar Ramakrishna mentioned the newest improvement marks the top of an period that challenged the corporate, and emphasised “we emerge stronger, safer, and higher ready than ever for what lies forward.”

The Hacker News Tags:, , , , , , ,

Related Posts

The Case for Dynamic AI-SaaS Security as Copilots Scale The Case for Dynamic AI-SaaS Security as Copilots Scale The Hacker News
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack The Hacker News
The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations  The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations  The Hacker News
From Triage to Threat Hunts: How AI Accelerates SecOps From Triage to Threat Hunts: How AI Accelerates SecOps The Hacker News
A Critical Part of Enterprise AI Governance A Critical Part of Enterprise AI Governance The Hacker News
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks The Hacker News