SEC and SolarWinds attempting to reach settlement in securities fraud lawsuit

July 3, 2025

In a recent turn of events, the United States Securities and Exchange Commission (SEC) and SolarWinds are currently seeking to settle the securities fraud case against them. Along with SolarWinds’ former Chief Information Security Officer (CISO) Timothy Brown, all three parties have jointly asked the judge for a postponement until September 12, 2025, so the SEC commissioners can finish voting on the settlement. This case dates back to October 2023 when the SEC initially filed a lawsuit against SolarWinds and their former CISO, accusing them of deceiving investors about cyberattacks the company faced, including the well-known Sunburst malware attack in December 2020. Furthermore, the SEC alleged that SolarWinds not only committed securities fraud but also violated SEC reporting standards and Sarbanes-Oxley internal control rules.

While U.S. District Judge Paul A. Engelmayer granted most of SolarWinds’ and the former CISO’s requests for dismissing the claims in July 2024, a specific set of fraud allegations concerning misrepresentations and omissions in a “Security Statement” posted on SolarWinds’ website survived. This Security Statement outlined the company’s cybersecurity practices, which the SEC argued were incomplete and misleading. Despite the judge’s rulings, the SEC expressed readiness to proceed to trial as recently as June 2025 and opposed the defendants’ motion to dismiss the remaining fraud claim.

Surprisingly, on July 2, 2025, the SEC, SolarWinds, and the former CISO jointly informed the judge of their anticipated settlement agreement which is currently in principle. This development suggests a potential resolution to the ongoing legal dispute between the parties. The agreement indicates progress towards resolving the issues surrounding the alleged securities fraud and SEC violations that SolarWinds and its former CISO have been embroiled in for the past few years.

As the case continues to unfold, it remains pivotal to monitor how the settlement discussions progress and await the SEC commissioners’ final approval. The potential settlement marks a significant step towards resolving the allegations brought against SolarWinds and the former CISO, providing potential closure to this long-standing legal battle. The outcome of this case could serve as a precedent for future cybersecurity-related incidents and their implications on companies and individuals involved in such disputes.