In a filing with the U.S. Securities and Exchange Commission, SolarWinds said it has tentatively agreed to pay $26 million to settle a lawsuit over its cybersecurity disclosures ahead of a December 2020 breach that exposed the data of thousands of companies and government offices, Reuters reports. The software company said the SEC alleges it violated U.S. securities law “with respect to its cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures.” The company maintains its actions were “appropriate.” Editor’s note: Mode Analytics Head of Security and Privacy Rafae Bhatti, CIPP/US, CIPM, looks at takeaways from the SolarWinds breach.
SolarWinds agrees to tentative $26M settlement over data breach
Related stories
Notes from the IAPP Canada: Are good intentions enough to stay on top of potential data breaches?
A view from DC: Can consumer protection enforcement unduly burden AI innovation?
CPPA Board finalizes long-awaited ADMT, cyber audit, risk assessment rules
A view from Brussels: Will the Data Union Strategy finally lead to the European data single market?
Notes from the Asia-Pacific region: OPC releases inquiry report on FRT trial