In a complaint filed in the Southern District of New York, the SEC contends that SolarWinds and the company’s chief information security officer, Tim Brown, repeatedly violated the antifraud disclosure and internal controls provisions of federal securities law by not disclosing vulnerabilities that the company knew could lead to a hack.
Later, SolarWinds suffered a breach of its network monitoring software, Orion, that allowed hackers suspected to be connected to the Russian government to infiltrate thousands of customer organizations that included nine federal agencies. The breach began as early as 2019 but only became public in 2020.
https://www.washingtonpost.com/national-security/2023/10/30/solarwinds-computer-breach-sec-russia/
