Carding 4 Carders
Professional
What is the danger of half-truths when it comes to multibillion-dollar investments?
Last night, the U.S. Securities and Exchange Commission (SEC) issued an official statement accusing Timothy Brown , head of information security at SolarWinds, of deceiving investors and misleading them about the company's cybersecurity practices.
The complaint filed in the Southern District of New York alleges that Brown violated the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934.
The SEC is seeking a permanent injunction against Brown, the return of illegally obtained funds with interest, civil sanctions, and a ban on Brown from holding senior positions in other companies.
For months, the SEC has hinted at its intention to indict SolarWinds executives for their role in the cyberattack, which lasted almost two years. The attackers then introduced malware into the Orion proprietary application, which is necessary for monitoring IT systems, which allowed foreign hackers to penetrate dozens of US departments and freely download confidential data from them.
According to the SEC, from the time SolarWinds went public in October 2018 to the December 2020 announcement of the hacker attack, the company provided investors with only general information about the risks, while the company's management, including Brown, were aware of specific shortcomings in cybersecurity practices and increased risks.
Instead of fixing these vulnerabilities, SolarWinds and Brown, according to the SEC, launched a campaign to create a false image of the cyber control environment in SolarWinds, depriving investors of accurate information. The SEC's actions not only accuse SolarWinds and Brown of misleading investors and neglecting to protect the company's critical assets, but also underscore the message to issuers: they need to implement strong control measures that are appropriate to the risks of the environment, and be open to investors about known problems.
A representative of SolarWinds, in turn, expressed disappointment in connection with the "groundless accusations" from the SEC. Brown's lawyer said on his behalf that he "worked with integrity and a high degree of responsibility to continuously improve the company's cybersecurity."
The SEC points to internal reports that indicate that Brown was aware of cybersecurity issues at the company, but did not take steps to address them or report them to a higher level. The Commission also notes that the disclosure of information about the cyber attack in December 2020 was incomplete.
SolarWinds already paid $26 million last year to settle shareholder lawsuits related to the hacking scandal, but the story doesn't seem to end there.
Last night, the U.S. Securities and Exchange Commission (SEC) issued an official statement accusing Timothy Brown , head of information security at SolarWinds, of deceiving investors and misleading them about the company's cybersecurity practices.
The complaint filed in the Southern District of New York alleges that Brown violated the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934.
The SEC is seeking a permanent injunction against Brown, the return of illegally obtained funds with interest, civil sanctions, and a ban on Brown from holding senior positions in other companies.
For months, the SEC has hinted at its intention to indict SolarWinds executives for their role in the cyberattack, which lasted almost two years. The attackers then introduced malware into the Orion proprietary application, which is necessary for monitoring IT systems, which allowed foreign hackers to penetrate dozens of US departments and freely download confidential data from them.
According to the SEC, from the time SolarWinds went public in October 2018 to the December 2020 announcement of the hacker attack, the company provided investors with only general information about the risks, while the company's management, including Brown, were aware of specific shortcomings in cybersecurity practices and increased risks.
Instead of fixing these vulnerabilities, SolarWinds and Brown, according to the SEC, launched a campaign to create a false image of the cyber control environment in SolarWinds, depriving investors of accurate information. The SEC's actions not only accuse SolarWinds and Brown of misleading investors and neglecting to protect the company's critical assets, but also underscore the message to issuers: they need to implement strong control measures that are appropriate to the risks of the environment, and be open to investors about known problems.
A representative of SolarWinds, in turn, expressed disappointment in connection with the "groundless accusations" from the SEC. Brown's lawyer said on his behalf that he "worked with integrity and a high degree of responsibility to continuously improve the company's cybersecurity."
The SEC points to internal reports that indicate that Brown was aware of cybersecurity issues at the company, but did not take steps to address them or report them to a higher level. The Commission also notes that the disclosure of information about the cyber attack in December 2020 was incomplete.
SolarWinds already paid $26 million last year to settle shareholder lawsuits related to the hacking scandal, but the story doesn't seem to end there.
