In a filing with the U.S. Securities and Exchange Commission, SolarWinds said it has tentatively agreed to pay $26 million to settle a lawsuit over its cybersecurity disclosures ahead of a December 2020 breach that exposed the data of thousands of companies and government offices, Reuters reports. The software company said the SEC alleges it violated U.S. securities law “with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.” The company maintains its actions were “appropriate.” Editor’s note: Mode Analytics Head of Security and Privacy Rafae Bhatti, CIPP/US, CIPM, looks at takeaways from the SolarWinds breach.