SolarWinds agrees to $26M settlement over widespread data breach

SecurityWeek reports that SolarWinds has agreed to settle for $26 million in a class action lawsuit filed by its investors in relation to a widespread data breach disclosed in December 2020. Such a breach involved Russia-linked attackers deploying malicious Orion updates to thousands of SolarWinds clients in the spring of 2020, nearly 100 of which were impacted with additional malware. SolarWinds has then been sued in January 2021 by investors due to their dissatisfaction regarding the breach's impact and disclosure to their share values. While both SolarWinds and its investors have agreed upon the settlement, it is yet to be approved by the court. "The proposed settlement resolves all claims asserted against the Company and the other named defendants in connection with the class action litigation and would contain provisions that the settlement does not constitute an admission, concession, or finding of any fault, liability, or wrongdoing of any kind by the Company or any defendant," said SolarWinds in a filing to the Securities and Exchange Commission. SolarWinds may also be facing SEC action regarding its "cybersecurity disclosures and public statements, as well as its internal controls and disclosure controls and procedures" based on the SEC filing.