SolarWinds said the Securities and Exchange Commission is investigating the company in connection with the 2020 cyberattack on its Orion software platform, according to a SEC filing last week.
The SEC provided SolarWinds with a Wells Notice to recommend enforcement action alleging violations of certain securities laws related to cybersecurity disclosures and public statements. It is also looking into internal controls and disclosure controls and procedures.
SolarWinds considers its internal controls appropriate and will respond to the allegations, the company said. The Wells Notice is not considered a formal charge nor a final determination.
The company also entered into a $26 million settlement in late October in a class action lawsuit related to the cyberattack . The agreement would also cover legal and administrative fees.
“While we still have ongoing government investigations related to cyber matters, and we’ll continue our approach of transparency and collaboration, having resolved this litigation will enable the company to focus on our strategy,” Barton Kalsu, executive VP, CFO and treasurer said during the company’s quarterly conference call with analysts.
The agreement is subject to several conditions, including final court approval. The proposed settlement would resolve all claims and would not constitute an admission of fault or liability, according to the filing.
SolarWinds said the settlement was approved by its insurers and would be paid through the applicable directors’ and officers’ liability insurance.
SEC officials did not return a request for comment.
