The US sued a software company targeted in a massive Russian cyber espionage campaign Monday.
The Securities and Exchange Commission (SEC) suit against Texas-based SolarWinds is seeking civil penalties, reimbursement of “ill-gotten gains” and the removal of the company’s top security executive, Tim Brown, according to The Associated Press.
“We allege that, for years, SolarWinds and Brown ignored repeated red flags about SolarWinds’ cyber risks, which were well known throughout the company and led one of Brown’s subordinates to conclude: ‘We’re so far from being a security minded company, ‘” Gurbir S. Grewal, director of the SEC’s Division of Enforcement said in a press release.
The December 2020 SolarWinds hack resulted in the breach of government agencies like the Justice Department and the Department of Homeland security, as well as over 100 private companies and think tanks.
The complaint says that in the same month in late 2018 as SolarWinds registered for an initial public offering (IPO), Brown said in an internal presentation the company’s “current state of security leaves us in a very vulnerable state,” according to the AP.
,[I]t is alarming that the Securities and Exchange Commission (SEC) has now filed what we believe is a misguided and improper enforcement action against us, representing a regressive set of views and actions inconsistent with the progress the industry needs to make and the government encourages, ” SolarWinds president and CEO Sudhakar Ramakrishna said in a blog. post,
Brown’s lawyer, Alec Koch, said in a statement that “has worked tirelessly and responsibly to continuously improve the Company’s cybersecurity posture throughout his time at SolarWinds.”
,[W]e look forward to defending his reputation and correcting the inaccuracies in the SEC’s complaint,” Koch continued in a statement emailed to The Hill.
The Associated Press contributed.