On December 12, 2020, SolarWinds was informed of a significant cyberattack potentially linked to Russian actors. Tim Brown, the chief information security officer of SolarWinds, realized that over 300,000 global clients, including various U.S. government agencies, could be impacted due to the compromise of the company’s Orion network software. The vulnerability allowed hackers to gain remote access to numerous systems.
In the days following the attack, amid the complexities of the COVID-19 pandemic, SolarWinds faced communication challenges as its email systems were compromised. Brown noted that the situation forced the team to use alternative communication tools, such as Proton email and Signal, as they were overwhelmed with inquiries from governmental and military agencies.
The breach was first reported through a call from Kevin Mandia, CEO of cybersecurity firm Mandiant, to SolarWinds’ then CEO. Mandia informed them that contaminated code had been delivered through Orion software, affecting numerous organizations. Initial estimates suggested up to 18,000 downloads of the tainted product, which was later revised to approximately 100 entities that were actually compromised.
In response to the attack, SolarWinds paused new feature development for six months and focused its resources on improving security. Customer renewal rates dropped temporarily but have since recovered. Legal consequences followed, including a $26 million settlement of a class-action lawsuit in 2022. As of October 2023, the Securities and Exchange Commission (SEC) has filed charges against both Brown and SolarWinds for allegedly misleading investors about cybersecurity measures.
Brown experienced significant stress during this period, leading to health issues, including a heart attack, which he attributes to the accumulated pressure of the situation. He highlights the importance of mental health support for employees in high-stress roles. A proposed settlement with the SEC is pending approval, further prolonging the legal ramifications of the incident. Brown remains with the company, asserting accountability for the events that transpired.
Source: https://www.theguardian.com/technology/2025/oct/19/global-cyber-attack-russian-hack-solarwinds-stress-health