Respond to prefers-color-scheme dark in app web views

Follow section front redirects in Spectrum

Enable NLP source in PCS for load testing

Switch off the News Alerts Survey Widget when we have enough responses

Poll to determine if new LUF updates are available

Allows the winning A/B test variant to be turned on without Spectrum deployment

Show infinite scrolling sections in Assembler MultiView

Show option for NLP article summaries in Action Bar

Show NLP summaries collection recirc on article pages

A general feature flag for Recipe Features that aren't yet released

Feature flag for media team features that aren't yet released

Use new Orca video player for preroll plugin in Spectrum

Show the snow tracker (instead of the heat tracker) on Spectrum

‘Bunker mentality’ at Columbia lit protest spark that spread nationwide

A mystery illness stole their kids’ personalities. These moms fought for answers.

The greatness — yes, greatness — of the Planet of the Apes

The urgent air defense lessons of April 16 

Are smartphones destroying childhood? It’s complicated.

In the campaign against Donald Trump, do the ends justify the means?

An unexpected sight to behold: Ted Cruz working bipartisan deals

Narrative of Trump snoozing in court takes hold — much to his annoyance

Manafort will no longer take on Republican convention role

Cruise ship drags dead whale into New York, prompting investigation

5 big travel lessons from an accomplished conservationist

The case for eating at Italian gas stations

Eighth-inning decision burns the Nats in a 4-2 loss to the Red Sox

Commanders rookie DT Johnny Newton needs a second foot surgery

Nats win opener at Fenway behind Patrick Corbin and a lockdown bullpen

Tens of thousands in Georgia protest Russian-style ‘foreign agents’ law

Israel says 300,000 fled Gaza fighting; military expands operation in Rafah

Israel orders more Rafah evacuations, expanding military operation

Courtroom photo ban adds to hurdles for Trump trial journalists

Israel’s shameful ban on Al Jazeera

Checks, not sex, and other takeaways from Trump’s New York hush money trial

In photos: Scenes from the grand final of the 2024 Eurovision competition

Bishop vanished. His species can still be saved.

Northern lights glow worldwide

Claire Messud turns her family’s history into a masterpiece

Kristi Noem’s dog killing is pure Southern gothic

Joseph Epstein, conservative provocateur, tells his life story in full

Ask Amy: Mother isn’t accepting of her gay son

Carolyn Hax: Keep scrolling seven hours per day, or give therapy a try?

Miss Manners: Journalist posts on social media about a typo at another outlet

I used to dismiss my mom’s advice. Then I found a note she wrote before she died.  

Photos of his mom at lunch are a balm people didn’t know they needed

Dog hit by car loses leg, is adopted by firefighter who helped her

Fooled by AI? These firms sell deepfake detection that’s ‘REAL 100%.’ 

Apple apologizes for iPad ad after blowback 

Google’s new ‘Find My’ device network is useful but a stalking risk

US-POLITICS-BIDEN

Big Tech news and how to take control of your data and devices

See more coverage in your recommendations

Technology

Tips delivered to your inbox twice weekly

The Tech Friend newsletter

Business and Tech alerts

Demetrius Freeman

The Securities and Exchange Commission sued software company SolarWinds on Monday for failing to publicly disclose alleged cybersecurity failures that led to one of history’s biggest computer breaches.

In a complaint filed in the Southern District of New York, the SEC contends that SolarWinds and the company’s chief information security officer, Tim Brown, repeatedly violated the antifraud disclosure and internal controls provisions of federal securities law by not disclosing vulnerabilities that the company knew could lead to a hack.

Later, SolarWinds suffered a breach of its network monitoring software, Orion, that allowed hackers suspected to be connected to the Russian government to infiltrate thousands of customer organizations that included nine federal agencies. The breach began as early as 2019 but only became public in 2020.

On Monday, the company accused the SEC of “overreach” and described itself as “disappointed by the SEC’s unfounded charges related to a Russian cyberattack on an American company.” It said it was “deeply concerned this action will put our national security at risk” by seeming to require companies to publicly reveal vulnerabilities before they have had a chance to fix them.

SolarWinds, which is headquartered in Austin, claims it has more than 300,000 customers, including 96 percent of the Fortune 500, and bills itself as a leading provider of software that manages and monitors an organization’s information technology. The <a href="https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic" target=_blank>Government Accountability Office called</a> the breach “one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector.”

“Dating back to at least October 2018, when SolarWinds conducted its [initial public offering] continuing through at least December 2020, SolarWinds and/or Brown made materially false and misleading statements and omissions related to SolarWinds securities risks and practices in at least three types of public disclosures,” the SEC complaint says.

In a briefing with reporters, the SEC said the complaint is not “Monday morning quarterbacking.” It said the company would have violated federal securities law even if the breach had not happened.

According to the SEC, Brown and others had received ample warning of vulnerabilities at SolarWinds but did not disclose those problems publicly. In one internal warning in September 2020, SolarWinds executives were told “the volume of security issues being identified over the last month have outstripped the capacity of engineering teams to resolve.” In another, in November of that year, a senior manager noted that, “We’re so far from being a security-minded company.” The warnings date back as far as 2018, according to the SEC.

The SEC said that SolarWinds also failed to disclose in December 2020 that attackers already had successfully exploited vulnerabilities against SolarWinds customers multiple times over the prior six months. The company could be ordered to pay a fine, the amount of which a judge would decide.

Because the SEC sent notices this summer to the company about a potential enforcement action, SolarWinds had <a href="https://www.washingtonpost.com/politics/2023/06/29/sec-notices-spark-alarm-cyber-executives/" target=_blank>already vowed to fight it</a>.

“We disagree that any such action is warranted against either the company or any employees, and we will continue to explore a potential resolution of this matter before the SEC makes any final decision,” SolarWinds CEO Sudhakar Ramakrishna wrote in an internal email in June. “And if the SEC does ultimately decide to initiate any legal action, we intend to vigorously defend ourselves.”

An earlier version of this story incorrectly reported that SolarWinds was headquartered in Tulsa. It's headquartered in Austin. It was founded in Tulsa. This version has been corrected. 

2022 American Society of Business Publication Editors, Bronze National Award, Government Coverage

2022 American Society of Business Publication Editors, Silver Regional Award, Government Coverage

2022 American Society of Business Publication Editors, Bronze Regional Award, Single Topic Coverage by a Team

2022 Society of Professional Journalists Washington, D.C., Chapter, Finalist, Staff

2021 Best in Business Awards, Honorable Mention, Technology, Small Division (for editing role)

2009 National Press Club Sandy Hume Memorial Ward for Excellence in Political Journalism

2001 Indiana Associated Press Managing Editors, 1st Place, Non-Deadline News Reporting (with another reporter)

2001 Hoosier State Press Association, 3rd Place, Business Writing (team project)

University of Southern Indiana, BA in Print Journalism

Tim Starks is the author of the Cybersecurity 202 newsletter at The Washington Post. He previously served as senior editor at CyberScoop and ran Politico's cybersecurity newsletter. The Evansville, Ind., native also has held reporting roles for CQ Roll Call, the New York Sun and the Evansville Courier & Press.

Tim Starks

washpost

SolarWinds charged by SEC for failing to disclose cybersecurity problems

the-washington-post

Capitol Hill_02/23

The Washington Post

staff

Foreign Policy

Intelligence

Justice

Military

National Security

prism://prism.query/site,/national-security&limit=20

Sign up for Fact Checker, our weekly review of what's true, false or in-between in politics.

The Washington Post's coverage of national security issues, including the military, intelligence, justice, and foreign policy.

prism://prism.query/two-sites,/technology,/politics/powerpost/the-technology-202?limit=20