Summary: A U.S. District Court judge dismissed most charges in a civil fraud case against SolarWinds by the SEC, which alleged the company misled investors about its cybersecurity practices prior to the Sunburst hack. While some claims were dismissed, the court sustained allegations related to a 2017 security statement on the company’s website.
Threat Actor: SolarWinds | SolarWinds
Victim: Investors | Investors
Key Point :
- The SEC filed suit against SolarWinds in October, claiming the company misled investors about its cybersecurity practices before the Sunburst hack.
- Judge Engelmayer dismissed most claims but allowed litigation on allegations related to a 2017 security statement to proceed.
- SolarWinds expressed satisfaction with the ruling and looks forward to presenting its evidence in court.
- The Orion platform, targeted in the Sunburst attack, was a significant revenue source for SolarWinds, accounting for 45% of revenue in early 2020.
A U.S. District Court judge dismissed most of the charges in a civil fraud case filed against SolarWinds by the Securities and Exchange Commission Thursday.
The SEC filed suit in October alleging SolarWinds misled investors about the company’s cybersecurity practices leading up to the Sunburst supply chain hack, which was disclosed in December 2020. The attack that targeted SolarWinds Orion platform impacted thousands of customers, including major U.S. companies and government agencies that used the platform.
Judge Paul Engelmayer of the U.S. District Court Southern District of New York sustained the SEC’s claims of securities fraud based on SolarWinds’ security statement. However, the court dismissed other claims, including all claims involving post-Sunburst disclosures.
The court also dismissed claims related to the company’s internal accounting and disclosure controls and procedures, as ill-pled.
Allegations related to a 2017 statement made about the company’s security capabilities on the “trust center” page of its website will continue to be litigated.
According to court filings, SolarWinds had more than 300,000 customers between October 2018 and January 2021, which covers the period related to the alleged activity.
“We are pleased that Judge Engelmeyer has largely granted our motion to dismiss the SEC’s claims,” John Eddy, a spokesperson for SolarWinds, said in an emailed statement from the company. “We look forward to the next stage, where we will have the opportunity for the first time to present our own evidence and to demonstrate why the remaining claim is factually inaccurate.”
The company also expressed gratitude for the industry officials, customers and veteran government officials who raised concerns that echoed the company’s legal arguments in the case
The Orion platform was considered the “crown jewel” of the company’s product platform, accounting for about 45% of revenue during the first nine months of 2020, according to court filings.
The security statement was originally posted in late 2017, and court filings allege Tim Brown, who was hired as VP of security at the company and later became CISO, was primarily responsible for creating and approving that statement. SolarWinds later went public in October 2018.
The SEC declined to comment.
Source: https://www.cybersecuritydive.com/news/majority-sec-fraud-solarwinds-dismissed/721753
“An interesting youtube video that may be related to the article above”