(Reuters) — SolarWinds said on Friday some of its former and current executives had been issued a Wells notice by the U.S. Securities and Exchange Commission over a massive 2020 data breach linked to the software company.
A Wells notice does not necessarily mean that recipients have broken any law. The SEC issues Wells notices to companies when it plans to bring enforcement actions against them.
“We are cooperating in a lengthy investigative process that appears to be progressing to charges by the SEC against our company and officers,” a SolarWinds spokesperson said in an email.
“SolarWinds has acted appropriately throughout by following long-established best practices for both cyber controls and disclosures,”; the spokesperson said.
The company was at the center of a cybersecurity crisis in December 2020, when hackers compromised SolarWind’s software updates and used them to access data from thousands of companies and government offices that used its products. The US government has attributed the hack to Russia.
Last November, the SEC recommended an enforcement action against the software company over its public statements about cybersecurity and procedures governing such disclosures.