SolarWinds, a software company based in Austin, Texas, has reached a preliminary agreement with the U.S. Securities and Exchange Commission (SEC) to resolve a lawsuit tied to the Sunburst cyberattack, a large-scale breach linked to Russian hackers. The deal, which also involves SolarWinds' Chief Information Security Officer, Timothy Brown, comes after nearly two years of litigation. The SEC had alleged that the company and Brown misled investors by concealing cybersecurity vulnerabilities. However, much of the case was dismissed in 2023 by U.S. District Judge Paul Engelmayer, who said the SEC’s claims relied on "hindsight and speculation."
Both parties requested a stay in court proceedings to finalize settlement documents, which Judge Engelmayer approved. The parties are expected to file the final paperwork or a joint status update by September 12, 2025. While an SEC spokesperson declined to provide additional details, a SolarWinds representative stated, “We are pleased with the potential resolution and happy to focus on driving our business forward without distraction.” The Sunburst attack had compromised numerous U.S. government agencies and companies by exploiting software updates from SolarWinds, making this case a significant legal test for public companies managing cybersecurity disclosures.
