cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

SolarWinds employees targeted for possible legal action by SEC

The US Securities and Exchange Commission has begun to issue Wells notices to a number of SolarWinds executives over a 2020 cyber attack.

user icon David Hollingworth
Tue, 27 Jun 2023
SolarWinds employees targeted for possible legal action by SEC
expand image

Wells notices — named after the Wells Committee, which proposed such notices — are sent out following the conclusion of an SEC investigation that may lead to civil charges. Their aim is to provide those who receive them time to argue that charges should not be laid.

That is exactly what SolarWinds chief executive Sudhakar Ramakrishna intends to do.

“Recently, SEC staff notified some of our former and current employees that they are considering bringing legal action against these employees along with the company,” Ramakrishna said in an email to employees seen by Dark Reading. “We disagree that any such action is warranted against either the company or any employees, and we will continue to explore a potential resolution of this matter before the SEC makes any final decision. And if the SEC does ultimately decide to initiate any legal action, we intend to vigorously defend ourselves.”

In a press statement, a SolarWinds spokesperson addressed the possible charges.

“We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers,” the spokesperson said.

“SolarWinds has acted properly at all times by following long-established best practices for both cyber controls and disclosure.”

The statement goes on to say that SolarWinds was the victim of a “highly sophisticated and unforeseeable attack” that used previously unknown methods. Further, it was backed by a “global superpower”.

SolarWinds fell victim to a supply chain attack that saw the Russian-backed group APT29 — also known as Cozy Bear — gain backdoor access to SolarWinds’ Orion IT admin platform. The hack affected 18,000 customers, including the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration, NATO, UK Government Communications Headquarters, and security firm FireEye.

SolarWinds’ response to the hack has been marked as controversial, as it suggested its customers should disable any AV tools before installation. The company had also been distributing updates infected with APT29’s malware after it first reported the breach to the SEC.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.