Most of the charges filed by the U.S. Securities and Exchange Commission against SolarWinds and its Chief Information Security Officer Timothy Brown concerning a Russian ransomware attack between 2019 and 2020 have been thrown out by Manhattan District Judge Paul Engelmayer for their dependence on speculation and hindsight, according to The Record, a news site by cybersecurity firm Recorded Future.
However, allegations of SolarWinds' securities fraud based on its security statement were sustained by the judge. "In essence, the Statement held out SolarWinds as having sophisticated cybersecurity controls in place and as heeding industry best practices. In reality, based on the pleadings, the company fell way short of even basic requirements of corporate cyber health," wrote Engelmayer, who also noted the firm's security risks stemming from weak passwords and unrestricted admin access to numerous employees. Such a decision has been hailed by SolarWinds, which has disclosed plans to disprove the claim retained by Engelman.
A spokesperson with SolarWinds issued the following statement to SC Media on Friday, July 19: “We are pleased that Judge Engelmayer has largely granted our motion to dismiss the SEC’s claims. We look forward to the next stage, where we will have the opportunity for the first time to present our own evidence and to demonstrate why the remaining claim is factually inaccurate. We are also grateful for the support we have received thus far across the industry, from our customers, from cybersecurity professionals, and from veteran government officials who echoed our concerns, with which the court agreed.”
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news