"SolarWinds Agrees to Pay $26 Million to Settle Shareholder Lawsuit Over Data Breach"
Texas-based IT management solutions provider SolarWinds has recently agreed to pay $26 million to settle a shareholder lawsuit over the data breach disclosed by the company in 2020. The cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019 or possibly even earlier. The adversaries compromised the automated build environment for the company’s Orion monitoring software, and in the spring of 2020, they pushed out malicious Orion updates to SolarWinds customers. The malicious updates were sent out to thousands of SolarWinds customers, but only approximately 100 organizations were of interest to the attackers and received additional malware. This included private and government organizations. In December 2020, the breach came to light. In January 2021, SolarWinds investors filed a class action lawsuit against the company, unhappy with the impact the breach and its disclosure had on the value of their shares. The settlement, which has been authorized and approved by insurers, still needs to be approved by a court. According to a SEC filing, the SEC might be taking action against the company over its “cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.” SolarWinds’ latest financial report shows that the cybersecurity incident has cost it tens of millions of dollars to date, and the company expects to continue to incur significant expenses associated with the breach.