Skip to main content
close search
site logo
Dive Brief

Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

Published July 18, 2024
David Jones's headshot
Reporter
SolarWinds
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images

A U.S. District Court judge dismissed most of the charges in a civil fraud case filed against SolarWinds by the Securities and Exchange Commission Thursday.

The SEC filed suit in October alleging SolarWinds misled investors about the company’s cybersecurity practices leading up to the Sunburst supply chain hack, which was disclosed in December 2020. The attack that targeted SolarWinds Orion platform impacted thousands of customers, including major U.S. companies and government agencies that used the platform. 

Judge Paul Engelmayer of the U.S. District Court Southern District of New York sustained the SEC’s claims of securities fraud based on SolarWinds' security statement. However, the court dismissed other claims, including all claims involving post-Sunburst disclosures. 

The court also dismissed claims related to the company’s internal accounting and disclosure controls and procedures, as ill-pled. 

Allegations related to a 2017 statement made about the company’s security capabilities on the “trust center” page of its website will continue to be litigated. 

According to court filings, SolarWinds had more than 300,000 customers between October 2018 and January 2021, which covers the period related to the alleged activity.

“We are pleased that Judge Engelmayer has largely granted our motion to dismiss the SEC’s claims,” John Eddy, a spokesperson for SolarWinds, said in an emailed statement from the company. “We look forward to the next stage, where we will have the opportunity for the first time to present our own evidence and to demonstrate why the remaining claim is factually inaccurate.”

The company also expressed gratitude for the industry officials, customers and veteran government officials who raised concerns that echoed the company’s legal arguments in the case

The Orion platform was considered the “crown jewel” of the company’s product platform, accounting for about 45% of revenue during the first nine months of 2020, according to court filings. 

The security statement was originally posted in late 2017, and court filings allege Tim Brown, who was hired as VP of security at the company and later became CISO, was primarily responsible for creating and approving that statement. SolarWinds later went public in October 2018.

The SEC declined to comment.

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell