Most of the charges filed by the U.S. Securities and Exchange Commission against SolarWinds and its Chief Information Security Officer Timothy Brown concerning a Russian ransomware attack between 2019 and 2020 have been thrown out by Manhattan District Judge Paul Engelmayer for their dependence on speculation and hindsight, according to The Record, a news site by cybersecurity firm Recorded Future.
However, allegations of SolarWinds' securities fraud based on its security statement were sustained by the judge. "In essence, the Statement held out SolarWinds as having sophisticated cybersecurity controls in place and as heeding industry best practices. In reality, based on the pleadings, the company fell way short of even basic requirements of corporate cyber health," wrote Engelmayer, who also noted the firm's security risks stemming from weak passwords and unrestricted admin access to numerous employees. Such a decision has been hailed by SolarWinds, which has disclosed plans to disprove the claim retained by Engelman.
