Corruption, Crime and Compliance: SEC Suffers Dismissal of Claims in Solarwinds Securities Fraud Case
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Woody Report: The Solar Winds Dismissal
Season's Greetings! In this first installment of Season's Readings, we look back at this year's developments involving cybersecurity and artificial intelligence (AI), both of which remained priorities for the SEC in 2025, but...more
The U.S. Securities and Exchange Commission’s closely watched lawsuit against software maker SolarWinds (“SolarWinds” or the “Company”) and its cybersecurity chief, Tim Brown, ended with a whimper last month when the...more
Key Takeaways - The SEC’s agreement with defendants to dismiss, with prejudice, its case against SolarWinds Corporation (SolarWinds) and its chief information security officer (CISO) signals a retreat from aggressive,...more
While timely and accurate disclosure of material cybersecurity events remains paramount, the SEC's retreat from its aggressive SolarWinds case may signal a recalibrated enforcement approach in these cases. On November 20,...more
On November 20, 2025, the U.S. Securities and Exchange Commission (SEC) filed a joint stipulation with SolarWinds Corp. and its chief information security officer (CISO), Timothy Brown, to dismiss with prejudice the...more
On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp. and the company’s Chief Information Security Officer, Tim Brown. In 2023, the SEC’s...more
Last week, the SEC agreed to voluntarily dismiss its high-profile case against SolarWinds Corporation (“SolarWinds” or the “Company”) and its Chief Information Security Officer (“CISO”), which has been pending for over two...more
The Securities and Exchange Commission’s (SEC) case against SolarWinds and its chief information security officer (CISO), Timothy Brown, ended abruptly on November 20, 2025, when the SEC agreed to dismiss its remaining claims...more
On November 20, 2025, the Securities and Exchange Commission and defendants SolarWinds Corp. and Timothy G. Brown filed a joint stipulation to dismiss with prejudice the SEC’s civil enforcement action pending in the Southern...more
As readers of our 2025 Data Security Incident Response (DSIR) Report are aware, many organizations were concerned about complying with the Securities and Exchange Commission’s (SEC) cybersecurity rules given the SEC’s...more
In a significant turn of events on July 2, 2025, the SEC, SolarWinds Corp. and its Chief Information Security Officer (CISO), Timothy Brown, announced through a joint letter to the U.S. District Court for the Southern...more
On October 22, 2024, Republican SEC Commissioners Hester Peirce and Mark Uyeda issued a joint dissent sharply criticizing charges brought against four companies for allegedly making materially misleading disclosures regarding...more
As we welcome 2025, here are 10 must-read Constangy bulletins and blog posts from 2024, highlighting insights that guided our readers through important legal developments, workplace issues, and the challenges in cybersecurity...more
Readers, thank you for journeying with us through all nine (and this, our 10th and final!) installments of Season's Readings. In this final piece, we turn from the past and look ahead to what may be in store from the SEC's...more
The SEC was increasingly active in fiscal year (FY) 2024 in pursuing enforcement actions involving cybersecurity incidents and artificial intelligence (AI) (query how long society will continue to define AI; harkens to the...more
On October 22, 2024, the US Securities and Exchange Commission (SEC, or Commission) brought settled actions against four publicly traded companies that were downstream victims of the Russia-linked cyberattack on SolarWinds...more
On October 22, 2024, the Securities and Exchange Commission (“SEC”) announced that four technology companies—Unisys Corporation, Avaya Holdings Corporation, Check Point Software Technologies Ltd., and Mimecast Ltd.—had...more
Joseph Sullivan, Uber’s beleaguered former Chief Information Security Officer, was back in the news last month when he appealed his 2023 conviction for his role in concealing a 2016 breach of Uber’s network and customer data....more
On October 22, 2024, the Securities and Exchange Commission (SEC) announced enforcement actions against several technology companies for making materially misleading disclosures regarding cybersecurity risks and intrusions....more
In late October, the SEC announced settled enforcement actions against four public companies, all stemming from impacts from the compromise of SolarWinds’ Orion software. Each order included allegations that the applicable...more
On October 22, 2024, the Securities and Exchange Commission (“SEC”) filed settled enforcement orders involving four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Ltd, and...more
The SEC on Oct. 22, 2024, announced charges against four companies for allegedly making materially misleading disclosures concerning the impact of cybersecurity incidents associated with the compromised SolarWinds' Orion...more
On October 22, 2024, the SEC announced that it had entered into settlements with four separate companies for making allegedly misleading disclosures about how they were impacted by the SolarWinds data breach in 2019. The...more
On Oct. 22, 2024, the Securities and Exchange Commission announced that it charged four technology companies with making materially misleading disclosures about the effect the SolarWinds cyberattack had on these issuers. To...more
The Nutter Securities Enforcement Update is a periodic update of noteworthy recent securities enforcement activity, settlements, decisions, and charges. We provide brief summaries that highlight recent enforcement action...more