Settlement Alert: The Dust Settles in SEC's Cybersecurity Lawsuit Against SolarWinds - Holland & Knight

Skip to content JULY 18, 2025 Settlement Alert: The Dust Settles in SEC's Cybersecurity Lawsuit Against SolarWinds Holland & Knight SECond Opinions Blog Summer Series Hans Griesbach | Allison Kernisky | Jessica B. Magee Holland & Knight continues its SECond Opinions Blog Summer Series featuring posts written and researched by the associates from our Securities Enforcement Defense Team. This update comes from Dallas Summer Associate Hans Griesbach, who is joining us from SMU Dedman School of Law as a rising 3L. In a significant turn of events on July 2, 2025, the SEC, SolarWinds Corp. and its Chief Information Security Officer (CISO), Timothy Brown, announced through a joint letter to the U.S. District Court for the Southern District of New York that they have reached a settlement in principle to resolve all of the remaining claims in the SEC's pending case, signaling the likely conclusion of a high-profile legal battle that has been raging since 2023. Per the parties' request, Judge Paul A. Engelmayer agreed to stay the case while the SEC seeks approval of the proposed settlement from the SEC Commissioners. The agreement pauses all pending deadlines in the case and sets a Sept. 12, 2025, deadline for the parties to finalize and submit the settlement paperwork. Background The case stems from the 2020 cyberattack on SolarWinds' Orion platform, which was infiltrated by Russian state-linked hackers and led to a consequential supply chain breach. The attack compromised thousands of organizations, including major U.S. government agencies and private companies, and prompted a sweeping reassessment of software supply chain security. The SEC's lawsuit, filed in October 2023, accused SolarWinds and its CISO of misleading investors by overstating the company's cybersecurity posture and failing to disclose known vulnerabilities. The SEC alleged that from the time of SolarWinds' IPO in 2018 through the public disclosure of the breach in December 2020, the company concealed critical information about its security risks and incidents. In July 2024, Judge Engelmayer dismissed many of the SEC's claims, citing the Commission's reliance on "hindsight and speculation." Though some allegations – particularly those concerning misrepresentations about access controls – were allowed to proceed, the ruling significantly narrowed the scope of the case. Settlement Though the terms of the settlement remain confidential and the SEC has declined to comment, SolarWinds stated it is eager to move forward without the distraction of ongoing litigation. The decision to settle highlights the SEC's evolving enforcement posture under Chair Paul Atkins, who was sworn in April 21, 2025. It is no secret that the SEC under Chair Atkins is more crypto-friendly, and the settlement appears to signal that this SEC may be more restrained in bringing enforcement actions over cybersecurity breaches as well. Final settlement terms may provide some clues as to whether the SEC is retreating from its more aggressive stance on cybersecurity disclosures. Notably, the agency has not rescinded its 2023 rule requiring public companies to disclose material cybersecurity incidents in periodic filings. Time will tell if the settlement was simply the result of the parties' shared desire to end the litigation or if the SEC's new priorities under Chair Atkins played a role in helping the parties reach a compromise. The SECond Opinions Blog will continue to monitor this case and provide updates. If you need additional information on this topic – or any topic related to securities enforcement or investigations – please contact the authors or other members of Holland & Knight's Securities Enforcement Defense Team. For extensive analysis of the SolarWinds case, check out the blog's prior coverage: A Word from the Ghost of Holiday Future: SEC Active in Cybersecurity and AI Actions, Dec. 18, 2024 Undeterred by the SolarWinds Storm: SEC Charges Victims of Compromised Software, Oct. 31, 2024 Court in SolarWinds Case Blows Down SEC's Cyber Enforcement Authority, July 24, 2024 SEC Cyber Enforcement Update: Which Way Are the SolarWinds Blowing?, July 8, 2024 Winds of Change: SEC's SolarWinds Lawsuit Signals Hotter Cybersecurity Enforcement, Nov. 6, 2023 RELATED BLOG SECond Opinions Blog EDITORS Jessica B. Magee Allison Kernisky RELATED PRACTICES Securities Enforcement Defense White Collar Defense and Investigations Data Strategy, Security & Privacy Public Companies and Securities Compliance Services Securities Litigation Litigation and Dispute Resolution RELATED INDUSTRY Technology & Telecommunications Subscribe to Updates and Events Click to Sign Up Related Insights SEC Initiates Review of ESG Fund Names Rule MARCH 4, 2026 6 Minutes Holland & Knight and SECond Opinions Welcome Camelia Lopez Shoemaker JANUARY 20, 2026 11 Minutes CERTainly Getting Interesting: Supreme Court Again to Address SEC's Power to Obtain Disgorgement JANUARY 14, 2026 8 Minutes "Everywhere You Want to Be" Except Federal Court MARCH 3, 2026 15 Minutes Once a Private Securities Transaction, Now an Outside Business Activity? JANUARY 20, 2026 6 Minutes SEC Enforcement 2025 Year in Review DECEMBER 31, 2025 10 Minutes FINRA Triples Long-Standing Annual Gift Limit FEBRUARY 24, 2026 3 Minutes Financial Services Regulatory Crystal Ball: Outlook for 2026 JANUARY 15, 2026 2025 Delaware Year in Review DECEMBER 30, 2025 8 Minutes View More By clicking “Accept All Cookies,” you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Privacy Preference Center When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. Holland & Knight Cookie Notice Allow All Manage Consent Preferences Strictly Necessary Cookies Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Targeting Cookies Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Performance Cookies Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. Social Media Cookies Social Media Cookies These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools. Functional Cookies Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Cookie List Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Reject All Confirm My Choices