$286M Of SolarWinds Stock Sold Before CEO, Hack Disclosures

SolarWinds majority owners Silver Lake and Thoma Bravo sold $286 million of stock just before the company announced a new CEO and disclosed a cyberattack.

The private equity firms disposed of more than 13 million SolarWinds stock shares at $21.97 per share on Dec. 7, two days before the IT infrastructure management firm announced Pulse Secure’s Sudhakar Ramakrishna as its next CEO. Four days after that, SolarWinds disclosed that it had experienced a highly sophisticated, manual supply chain attack on certain versions of its Orion network monitoring product.

SolarWinds’ stock is now trading at $18.46, nearly 16 percent lower than what Silver Lake and Thoma Bravo sold their shares for. Silver Lake sold 5.8 percent of its stake in publicly held SolarWinds for $157.5 million, while Thoma Bravo also sold 5.8 percent of its somewhat smaller stake in SolarWinds for $128.3 million. The stock sales were first reported late Tuesday evening by The Washington Post.

[Related: Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny]

“Thoma Bravo and Silver Lake were not aware of this potential cyberattack at SolarWinds prior to entering into a private placement to a single institutional investor on 12/7,” the companies said in a joint statement. The private equity firms didn’t respond to questions from CRN about whether they knew Ramakrishna had been selected as SolarWinds’ next CEO at the time they sold $286 million of stock.

Representatives from Silver Lake and Thoma Bravo make up a majority of SolarWinds’ 11-member board, and owned more than three-quarters of SolarWinds’ outstanding shares as of April, according to a U.S. Securities and Exchange Commission filing. Silver Lake is represented by Michael Bingle, Kenneth Hao and Mike Widmann, while Thoma Bravo is represented by Seth Boro, Michael Hoffman and James Lines.

The Canada Pension Plan Investment Board (CPP Investments) spent $315 million to take a 5 percent stake in SolarWinds, acquiring some of the shares previously owned by Silver Lake and Thoma Bravo, SolarWinds disclosed Dec. 9 in the press release announcing Ramakrishna as CEO. SolarWinds declined to comment, while CPP Investments and the SEC didn’t immediately respond to requests for comment.

FireEye disclosed Dec. 8 that it was breached in a state-sponsored attack designed to gain information on some of the company’s government customers. FireEye determined by Friday that some SolarWinds Orion updates had been corrupted and contacted the company shortly thereafter, The Washington Post reported, citing people familiar with the matter. SolarWinds has not said when it learned of the breach.

This was the largest sale of SolarWinds stock for Silver Lake and Thoma Bravo since the company went public in October 2018, according to The Washington Post. In all of 2019, Silver Lake sold about $140 million of SolarWinds stock while Thoma Bravo sold about $110 million of SolarWinds stock, The Post reported.

SolarWinds was founded in 1999 and conducted its first initial public offering (IPO) in May 2009, and spent nearly seven years being traded on the New York Stock Exchange (NYSE). Then in February 2016, Silver Lake and Thoma Bravo took SolarWinds private following a $4.5 billion purchase of the company. SolarWinds was privately held for just 32 months before going through its second IPO in late 2018.

SolarWinds got into the solution provider business in May 2013 through its purchase of N-able to better service MSPs who support SMB clients. Then in June 2016, SolarWinds bought N-able competitor LogicNow and brought the two remote monitoring and management (RMM) rivals together under the SolarWinds MSP banner.

While hackers over the past two years have taken advantage of the tools MSPs rely on to manage customer IT systems, the tools compromised in this breach do not appear to be linked to SolarWinds’ MSP business. The Orion platform supports SolarWinds’ longtime IT infrastructure management business and isn’t connected to the more recently assembled SolarWinds MSP business.

SolarWinds MSP said it isn’t aware of any impact to its remote monitoring and management (RMM), N-Central and associated products from the attack on Orion, President John Pagliuca said in a security advisory posted Sunday evening. Pagliuca would take over as SolarWinds MSP CEO if the proposed spin-off of the business into a standalone company that has been under consideration for months happens.