
The first class-action lawsuit brought against SolarWinds following its breach accuses the company of making materially false and misleading statements about its security posture throughout 2020.
The suit alleges that SolarWinds, outgoing CEO Kevin Thompson and CFO Barton Kalsu made “false and/or misleading” statements in regulatory filings with the U.S. Securities and Exchange Commission in February, May, August and November of 2020. The 15-page lawsuit was filed Monday in U.S. District Court for the Western District of Texas.
“[SolarWinds] mispresented and failed to disclose the following adverse facts pertaining to the company’s business, operations, and prospects, which were known to Defendants or recklessly disregarded by them,” the 15-page lawsuit claimed.
[Related: SolarWinds Hackers Gain Access To Microsoft’s Source Code]
The class-action complaint was brought on behalf of Timothy Bremer, a resident of Jefferson County, Kentucky who bought two shares of SolarWinds stock on Sept. 23 at $19.93 per share and 38 shares of SolarWinds stock on Oct. 22 at $21.54 per share. SolarWinds traded at just $14.53 per share at the close of market Monday, down 38.3 percent from $23.55 per share the day before the hack became public.
“As a result of Defendants’ wrongful acts and omissions, and the precipitous decline in the market value of the Company’s securities, Plaintiff and other Class members have suffered significant losses and damages,” the suit filed by Kristine Rogers of Dallas-based commercial law firm Steckler Wayne Cochran alleges.
The lawsuit accuses SolarWinds and its top executives of failing to disclose that, since mid-2020, the company’s Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran. The suit also claims that SolarWinds’ update server had an easily accessible password of ‘solarwinds123,’ citing the findings of security researcher Vinoth Kumar.
The lawsuit also references the finding by Huntress co-founder Kyle Hanslovan that malicious Orion updates were still available for download days after SolarWinds realized its software had been compromised. Consequently, the lawsuit states that SolarWinds customers including the federal government, Microsoft, Cisco and Nvidia were vulnerable to hacks.
“Defendants’ statements about SolarWinds’s business, operations and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times,” the lawsuit alleged. “As a result, the Company would suffer significant reputational harm.”
The lawsuit asks a jury to consider whether the price of SolarWinds stock was artificially inflated from Feb. 24, 2020, to Dec. 15, 2020, based on SolarWinds’ conduct detailed in the complaint. Had Bremer or others been aware that the market price of SolarWinds’ stock had been artificially inflated by misleading statements and inadequate disclosures, they wouldn’t have purchased the company’s stock at all.
Specific to CEO Thompson and CFO Kalsu, the lawsuit states that both executives knew adverse non-public information about SolarWinds’s corporate, governance and business prospects because of their senior positions. Based on Thompson and Kalsu’s positions, the lawsuit said they had control over the contents of the various reports, press releases and public filings which SolarWinds disseminated in 2020.
“Each of the Individual Defendants … was aware of or recklessly disregarded the fact that the false and misleading statements were being issued concerning the Company; and/or approved or ratified these statements in violation of the federal securities laws,” the lawsuit alleges.
SolarWinds did not address the lawsuit directly, but said in a statement that it is “solely focused on helping the industry and our customers understand and mitigate this attack, and quickly released hotfix updates to customers that we believe will close the vulnerability. We have also taken a number of steps to further secure our network and products, including through advanced endpoint detection and monitoring tools.“
related stories
Video
trending stories
sponsored resources

OutSystems
Modern Application Development 360

Symantec
Symantec Business Security Learning Center

HP Amplify™ - A Simplified Global Program for the Customer-Driven Digital Age
HP Inc.

BlackBerry
BlackBerry Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

NPD
Industry Trends 360

Comcast
Comcast Business Learning Center

Vertiv
Edge Computing 360

Sophos
Sophos Cybersecurity Learning Center

Products of the Year Showcase

Cysurance
Cyber Insurance 360

StorageCraft
Disaster Recovery Learning Center

APC by Schneider Electric
IoT Platforms 360

EPOS
EPOS

Smart 3rd Party
3rd Party Maintenance 360

WatchGuard
WatchGuard

Spectrum Partner Program
Spectrum Partner Program

ADT
Network Security 360

Tenable
Cyber Risk 360

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Wasabi
Wasabi

Webroot
Webroot Learning Center

Dell Technologies
Dell Technologies Server Learning Center
