SolarWinds Data Breach
| Company | SolarWinds |
|---|---|
| Breach Date | March 1, 2020 |
| Disclosure Date | December 13, 2020 |
| Records Affected | 18,000 organizations |
The SolarWinds attack, discovered in December 2020, was one of the most sophisticated supply chain cyberattacks in history. Russian state-sponsored hackers compromised SolarWinds' Orion software updates, gaining access to networks of approximately 18,000 organizations including multiple U.S. government agencies.
What Happened
Hackers attributed to Russia's SVR foreign intelligence service (the group tracked as APT29 or Cozy Bear) gained access to SolarWinds' build environment and inserted malicious code (dubbed SUNBURST) into Orion software updates distributed between March and June 2020. When organizations installed these updates, the backdoor gave the attackers a foothold in their networks. Approximately 18,000 organizations installed the compromised update, and the attackers actively exploited that access against about 100 high-value targets, including the U.S. Treasury Department, Department of Commerce, Department of Homeland Security, and major corporations such as Microsoft and FireEye. FireEye discovered the breach in December 2020 while investigating the theft of its own red team tools.
What Data Was Exposed
- Internal communications and emails of government agencies
- Source code (Microsoft confirmed attackers viewed its source code)
- Network architecture and security configurations
- Classified and sensitive government information
- Proprietary corporate data
- Security tools and vulnerability research (FireEye)
Who Is Affected
Approximately 18,000 organizations installed the compromised update, including U.S. government agencies (Treasury, Commerce, Homeland Security, State Department, NIH), Fortune 500 companies, and cybersecurity firms. The attackers focused on a subset of approximately 100 high-value targets for deeper exploitation.
How to Check If You Were Affected
CISA published detailed indicators of compromise and detection tools. If your organization used SolarWinds Orion versions 2019.4 HF 5 through 2020.2.1, you received the compromised update. Check CISA's advisory at cisa.gov for detection guidance. SolarWinds also released a tool to check if your Orion installation was affected.
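As an added example (not code from this page, SolarWinds or CISA), a small Python triage helper that parses Orion version strings in the assumed form "<year>.<minor>[.<patch>][ HF <n>]" and flags installs that fall inside the version range stated above; the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import List, Optional, Tuple

# Version format assumed here: "<year>.<minor>[.<patch>][ HF <n>]", e.g. "2019.4 HF 5".
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)
VersionKey = Tuple[int, int, int, int]

# Affected range as stated on this page: 2019.4 HF 5 through 2020.2.1, inclusive.
AFFECTED_START: VersionKey = (2019, 4, 0, 5)
AFFECTED_END: VersionKey = (2020, 2, 1, 0)


def parse_orion_version(text: str) -> Optional[VersionKey]:
    """Map a version string to a comparable (year, minor, patch, hotfix) tuple;
    missing patch/hotfix parts count as 0. Returns None for unrecognised input."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, minor, patch, hf = m.groups()
    return (int(year), int(minor), int(patch or 0), int(hf or 0))


def is_affected(version: str) -> Optional[bool]:
    """True inside the affected range, False outside, None if unparseable
    (an unparseable version should be verified by hand, not assumed clean)."""
    key = parse_orion_version(version)
    if key is None:
        return None
    return AFFECTED_START <= key <= AFFECTED_END


def triage_inventory(records: List[Tuple[str, str]]) -> dict:
    """Sort (hostname, version) records into affected / clean / unknown buckets."""
    buckets = {"affected": [], "clean": [], "unknown": []}
    for host, version in records:
        verdict = is_affected(version)
        bucket = "unknown" if verdict is None else ("affected" if verdict else "clean")
        buckets[bucket].append(host)
    return buckets


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("orion-prod-01", "2020.2 HF 1"),
    ("orion-prod-02", "2019.4 HF 5"),
    ("orion-lab-01", "2019.4 HF 4"),
    ("orion-dr-01", "2020.2.1 HF 2"),
    ("orion-old-01", "NPM 12.5"),
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts landing in the "unknown" bucket need a manual version check rather than being treated as clean.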
What You Should Do Now
- If you used SolarWinds Orion, update to the latest patched version immediately
- Conduct a thorough investigation of network activity during the March-December 2020 period
- Review privileged access accounts for unauthorized modifications
- Reset all credentials associated with SolarWinds Orion
- Audit OAuth tokens and certificates for unauthorized additions
- Monitor for indicators of compromise published by CISA and FireEye
- Consider engaging a cybersecurity firm for forensic investigation
Last updated: February 10, 2026