On October 30, 2023, the US Securities and Exchange Commission (SEC or Commission) sued SolarWinds and its Chief Information Security Officer (CISO) for fraud, false reporting, and internal and disclosure control violations related to the massive SUNBURST cybersecurity attack. The SEC was unable to reach a settlement with the company or the CISO following the conclusion of the Commission’s enforcement investigation and was forced to file a litigated action against the defendants.
Notably, the CISO is the only individual defendant named in the SEC’s suit, even though the Commission previously sent Wells Notices to other SolarWinds officers and employees. As we discussed in a prior post, SolarWinds previously disclosed that “certain current and former executive officers and employees” had received Wells Notices stating “that the SEC staff has made a preliminary determination to recommend that the SEC file a civil enforcement action against the recipients alleging violations of certain provisions of the U.S. federal securities laws.”
The SEC does not normally file suits against defendants in a piecemeal fashion, and likely won’t here, given that its investigation…
