In a filing with the U.S. Securities and Exchange Commission, SolarWinds said it has tentatively agreed to pay $26 million to settle a lawsuit over its cybersecurity disclosures ahead of a December 2020 breach that exposed the data of thousands of companies and government offices, Reuters reports. The software company said the SEC alleges it violated U.S. securities law “with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.” The company maintains its actions were “appropriate.” Editor’s note: Mode Analytics Head of Security and Privacy Rafae Bhatti, CIPP/US, CIPM, looks at takeaways from the SolarWinds breach.
SolarWinds agrees to tentative $26M settlement over data breach
Related stories
Notes from the IAPP Canada: Keeping watch on federal, provincial developments
Italy updates National Cybersecurity and Data Protection Framework
Vietnam's data protection laws: The basics and beyond
Notes from the Asia-Pacific region: NZ OPC calls for 'doing privacy well'
GDPR matchup: Australia's Privacy Act 1988
