The Washington Post

Breached firm Solarwinds faces SEC inquiry after stock sales

- BY DOUGLAS MACMILLAN AND AARON SCHAFFER douglas.macmillan@ washpost.com aaron.schaffer@washpost.com

Solarwinds, the Texas-based company whose software was breached in a major Russian cyberattac­k, said in a recent filing that it is cooperatin­g with an inquiry by the Securities and Exchange Commission.

In its annual report to investors, Solarwinds said there are “numerous” government investigat­ions underway related to the cyber intrusion, including by the SEC, the Justice Department and state attorneys general. “We are cooperatin­g and providing informatio­n in connection with these investigat­ions and inquiries,” the company said in its filing.

Relatively unknown just a few months ago, Solarwinds has been in the hot seat since hackers exploited vulnerabil­ities in its software to breach at least nine government agencies and about 100 companies. Members of Congress recently questioned Solar-Winds chief executive Sudhakar Ramakrishn­a about whether private companies like his can be trusted to protect the country from future attacks.

The SEC probe, which had not been disclosed previously, comes after the largest investors in Solarwinds sold $315 million in shares of the company days before the hack was revealed. The investor group avoided losses of more than $100 million, while the buyer, Canada’s largest pension fund, saw the value of its new shares decline more than 40 percent in the days after the cyberattac­k became public.

A former SEC enforcemen­t official told The Washington Post in December that, based on publicly known informatio­n, the stock sales would probably be investigat­ed by the securities regulator. The former official, Jacob S. Frenkel, said the SEC would try to determine whether the investors withheld informatio­n before unloading their stakes in Solarwinds.

A spokesman for Solarwinds declined to comment beyond the filing. The SEC did not respond to a request for comment.

The stock sale was led by private equity firms Silver Lake and Thoma Bravo, which together own 70 percent of Solarwinds and control six of the company’s board seats. Their ownership gives them access to key informatio­n and makes their stock trades subject to federal rules around financial disclosure­s.

Solarwinds, Silver Lake and Thoma Bravo have all said they first learned of the security breach after the agreement was reached. Spokesmen for Silver Lake and Thoma Bravo declined to comment on the SEC inquiry.

Michel Leduc, a senior managing director at the Canada Pension Plan Investment Board (CPPIB), previously said he thought “no one was aware of the hack leading to our capital commitment” but said his firm was assessing the circumstan­ces of the deal “for optimal certainty.”

A spokesman for the CPPIB did not respond to a request for comment.

Federal agencies affected by the recent Russian hacking include the department­s of State, Justice, Treasury, Energy, Commerce and Homeland Security, as well as the National Institutes of Health, NASA and the Federal Aviation Administra­tion, The Post has reported. In all cases, officials have said, the data stolen was unclassifi­ed and no operationa­l systems were breached.

 ?? DEMETRIUS FREEMAN/THE WASHINGTON POST ?? Fireeye CEO Kevin Mandia, left, Solarwinds CEO Sudhakar Ramakrishn­a and Microsoft President Brad Smith appear at a Senate Intelligen­ce Committee hearing last month.
DEMETRIUS FREEMAN/THE WASHINGTON POST Fireeye CEO Kevin Mandia, left, Solarwinds CEO Sudhakar Ramakrishn­a and Microsoft President Brad Smith appear at a Senate Intelligen­ce Committee hearing last month.

Newspapers in English

Newspapers from USA