Caleb Skeath, Emily Pehrsson, and Jess Gonzalez Valenzuela of Covington and Burling write:
On November 20, 2025, the Securities and Exchange Commission (“SEC”) announced that it was voluntarily dismissing the case it brought against SolarWinds Corp. (“SolarWinds”) and its information security officer, Timothy Brown, regarding the company’s security practices and related statements in connection with the “Sunburst” cybersecurity incident. The SEC stated in a brief release that its decision to dismiss with prejudice the case against SolarWinds and Mr. Brown was “in the exercise of its discretion” and “does not necessarily reflect the Commission’s position on any other case.”
The case followed the “Sunburst” cybersecurity incident, during which nation-state actors infiltrated a large number of public company and government computer systems by compromising SolarWinds’ Orion software platform. The joint stipulation to dismiss comes months after the parties informed the court that they had reached an agreement to settle the matter.
Read more at Inside Privacy.