SolarWinds is Facing a Lawsuit From Investors Over Security Breach
Written by AskTheLawyers.com™
Information technology and business management software company SolarWinds is facing a class action lawsuit from stock buyers over a Sunburst malware hack released with software updates in March and June of 2020. Plaintiffs in the lawsuit argue that SolarWinds was aware of a vulnerability in its software, yet made misleading statements to avoid reputational damage, directly resulting in the security breach.
At least 250 federal agencies and businesses were affected by the hack.
This is no small hack, especially considering the confidential nature of much of the information that was exposed in the breach. The malware that was inserted into the company’s Orion software updates was reportedly released to approximately 18,000 customers. Cozy Bear, a Russian cyber espionage collective, is suspected of committing the hack.
This class includes everyone who acquired publicly traded SolarWinds securities from February through December of 2020.
Plaintiff Timothy Bremer on behalf of all others similarly situated alleges that SolarWinds was in violation of the federal securities laws under the Securities Exchange Act of 1934. According to the official complaint, if the company had admitted to the security vulnerability in their software, the hack could have been avoided, protecting vast amounts of confidential data and preventing the steep drop-off in stock value which unduly harmed investors. When news of the hack became public, the stock value of the company experienced a sudden drop.
As of December 15th 2020, SolarWinds shares dropped by 8%, significantly damaging investors.
Plaintiffs in this lawsuit allege that the company’s false and misleading statements to investors during the period of time in which the hack was occurring “misrepresented material facts about the business, operations and management of SolarWinds…” All of this information is considered vital to current and potential stock buyers in their decision to invest. The lawsuit further alleges that the vulnerabilities in the system which allowed the hackers entrance “...were known to [SolarWinds] or recklessly disregarded by them… since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran.” In fact, the update server supposedly used a password as easily accessible as “solarwinds123”.
The plaintiffs in this lawsuit are seeking a jury trial in addition to damages suffered with interest.
Bremer and the rest of the class are seeking a jury trial to resolve the question of whether or not SolarWinds can be held liable for misrepresenting the state of the company to the investing public. The success of this class action lawsuit revolves around whether or not the plaintiffs and their legal representatives can prove that SolarWinds intentionally or through gross negligence failed to keep the public informed of both vulnerabilities in the software and the hack itself, thereby hurting investors when news of the hack was made public and stock value fell substantially. The plaintiffs are also seeking the cost of legal fees as part of their damages.