SolarWinds agrees to pay $26M to settle shareholder lawsuit over 2020 cyberattack

The company also warned that the SEC has made a preliminary decision to take action against the company over the breach.
The SolarWinds Corp. logo is seen at the headquarters in Austin, Texas, on April 15, 2021. (Photo by SUZANNE CORDEIRO / AFP)

IT software giant SolarWinds has agreed to pay $26 million to settle a securities class action lawsuit filed by shareholders over the cyberattack on the company’s Orion software platform and internal systems that was discovered in late 2020.

The technology giant disclosed the settlement in a regulatory filing on Nov. 3 and also warned it has received notice from the Securities and Exchange Commission that the regulator has made a preliminary decision to file an enforcement action against the company over the cyber breach.

“SEC staff has made a preliminary determination to recommend that the SEC file an enforcement action against the Company alleging violations of certain provisions of the U.S. federal securities laws with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures,” SolarWinds disclosed in its 8-K filing. 

During the breach, which was disclosed in late 2020, suspected Russia-backed hackers used routine software updates to add malicious code into the company’s Orion software product, which was used as a vehicle for a major cyberattack launched against private and public sector entities.

At least eight federal government agencies had systems compromised as a result of the attack.

As part of the settlement, the software maker did not acknowledge any wrongdoing and alleged they were misled about its security apparatus in advance of the attack. The sum will be paid by the company’s insurers, who authorized and approved it, according to an 8-K filing with the U.S. Securities and Exchange Commission.

“The settlement, if approved, would require the Company to pay $26 million to fund claims submitted by class members, the legal fees of plaintiffs’ counsel and the costs of administering the settlement,” the company said in its 8-K filing.

The SolarWinds attack took place over the course of almost nine months and affected roughly 18,000 entities in total.

The cyberattack occurred because SolarWinds, an IT company that runs network management systems for thousands of clients, was infiltrated through the company’s Orion software updates, which distributed malware to its customers’ computers.

In early 2021, SolarWinds stockholders sued the company after the stock tanked from news of the supply chain attack on SolarWinds’s software, which was first publicly reported in December 2020. In the second half of 2021 the company asked a US federal judge to throw out the lawsuit, claiming that it was “the victim of the most sophisticated cyberattack in history,” and described the legal arguments of certain shareholders as a way to “convert this sophisticated cyber-crime” into an unfair and unrelated securities fraud lawsuit.

As a result of the Wells notice, the SEC could force the company to stop engaging in future violations of the federal securities laws subject to the action, and could impose civil monetary penalties and other equitable relief within the agency’s authority.

It remains unclear if or when the SEC will take enforcement action and what the potential consequences of this could be for SolarWinds.

Written by Nihal Krishan

Nihal Krishan is a technology reporter for FedScoop. He came to the publication from The Washington Examiner where he was a Big Tech Reporter, and previously covered the tech industry at Mother Jones and Global Competition Review. In addition to tech policy, he has also covered national politics with a focus on the economy and campaign finance. His work has been published in the Boston Globe, USA TODAY, HuffPost, and the Arizona Republic, and he has appeared on NPR, SiriusXM, and PBS Arizona. Krishan is a graduate of Arizona State University’s Walter Cronkite School for Journalism. He grew up in South Korea, Saudi Arabia, India, and Singapore before moving to the United States to study politics and journalism. You can reach him at nihal.krishan@fedscoop.com.
