SolarWinds Acquired by Turn/River Capital in $4.4 Billion Deal Amid Ongoing Fallout from 2020 Cyberattack

SolarWinds, the IT and software company at the center of a major supply chain cyberattack in 2020, has announced its acquisition by Turn/River Capital for $4.4 billion, with shareholders receiving $18.50 per share.

  Privacy & Data Protection   Feb 10, 2025  Add to Reading List
SolarWinds Acquired by Turn/River Capital in $4.4 Billion Deal Amid Ongoing Fallout from 2020 Cyberattack

SolarWinds, the IT and software company at the center of a major supply chain cyberattack in 2020, has announced its acquisition by Turn/River Capital for $4.4 billion, with shareholders receiving $18.50 per share. The transaction received unanimous approval from SolarWinds’ board of directors and written consent from majority stakeholders Thoma Bravo and Silver Lake, who together control 65% of the company’s voting securities.

Following the acquisition, SolarWinds will transition into a privately held company and delist from the New York Stock Exchange. However, it will continue to operate under the same name and remain headquartered in Austin, Texas.

CEO Sudhakar Ramakrishna expressed optimism about the deal, stating, “This successful transaction and exciting partnership are testaments to our employees' outstanding work of building exceptional solutions and delivering great customer success. We are confident that Turn/River’s expertise and growth orientation will help us ensure SolarWinds continues to drive innovation and deliver even greater value for customers and stakeholders.”

The Lingering Impact of the Sunburst Cyberattack

SolarWinds remains infamous for the 2020 supply chain attack that compromised around 33,000 customers, including several U.S. government agencies and major organizations. The breach originated in the company’s Orion network management software, where state-sponsored hacking group Nobelium allegedly infiltrated SolarWinds’ systems as early as September 2019. The attackers inserted the Sunburst malware into Orion’s software updates, leading to the infection of over 18,000 customers.

The long-term fallout from the attack continues. In 2023, the U.S. Securities and Exchange Commission (SEC) charged SolarWinds and its Chief Information Security Officer (CISO), Tim Brown, with fraud and internal security failures, alleging that Brown ignored warnings about the company’s cybersecurity vulnerabilities, leaving it exposed to attack.

The SEC has since expanded its scrutiny, charging companies such as Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast for downplaying the breach’s impact on their systems. The agency also reiterated its commitment to enforcing transparency in corporate breach disclosures, ensuring companies provide clear and accurate reports following major cybersecurity incidents.

Tags