SEC Reaches Settlement With SolarWinds Over 2020 Sunburst Cyberattack

SolarWinds, its Chief Information Security Officer Timothy Brown, and the U.S. Securities and Exchange Commission have reached a settlement agreement in principle to resolve a securities fraud lawsuit related to the 2020 Sunburst cyberattack. The SEC had accused SolarWinds of misleading investors by failing to disclose cybersecurity risks and internal control failures, but most of the SEC's claims were dismissed by a federal judge. The parties jointly requested a stay of the litigation proceedings to finalize the settlement, which is subject to approval by the SEC's commissioners. A federal judge granted the stay and requested a status report by September 12, 2025, if the settlement is not finalized by then. This settlement follows the recent acquisition of SolarWinds by private equity firm Turn/River Capital, marking the company's transition from public to private ownership. The resolution aims to conclude the litigation that has spanned multiple years and involved detailed scrutiny of SolarWinds' disclosures around the cyberattack.