United States of America: Filed SEC lawsuit against SolarWinds for allegedly misleading investors about its cybersecurity practices

On 30 October 2023, the US Securities and Exchange Commission (SEC) announced that it filed a lawsuit against SolarWinds Corporation for allegedly misleading investors about its cybersecurity practices and known vulnerabilities. SolarWinds is a Texas-based company that creates software solutions for enterprises, assisting them in the management of their networks, systems, and information technology infrastructure. The SEC has charged SolarWinds and the Chief Information Security Officer with fraud and internal control failures related to known cybersecurity risks. The case has been initiated due to a complaint that alleges that SolarWinds and Brown defrauded investors by overstating the company's cybersecurity practices and understating or failing to disclose these known risks. Furthermore, the SEC alleged that SolarWinds provided misleading information to investors by disclosing only generic and hypothetical risks, even though they were aware of specific cybersecurity deficiencies within the company. The SEC complaint asks the court to grant permanent injunctive relief and civil penalties.