SolarWinds Corp. misled investors about product vulnerabilities that allowed hackers to pass malware to multiple clients, including Microsoft and the federal government, a would-be class suit filed Monday in federal court in Texas says.
The technology company purportedly failed to disclose how its update server had a simple, easily accessible password, the complaint filed in the U.S. District Court for the Western District of Texas says.
SolarWinds warned investors of the risk of a security breach or disruption in multiple Securities and Exchange Commission filings in 2019 and 2020. But it didn’t disclose that its Orion monitoring products had been vulnerable “since mid-2020,” the investor suit says.
The company suffered “significant reputational harm,” according to the complaint. SolarWinds’s stock price closed down 17% after the hack’s initial revelation Dec. 14, and another dropped 8% after a story the next day revealed how anyone with the password “solarwinds123" was able to access the update server, the suit says.
Causes of Action: Exchange Act §10(b)—Using a manipulative or deceptive device or contrivance for a securities transaction in violation of SEC rules (15 U.S.C. §78j); SEC Rule 10b-5—Employing a device, scheme, or artifice to defraud, making untrue statements or omitting facts, or engaging in any act, practice, or course of business which operates as a fraud or deceit (17 C.F.R. §240.10b-5).
Relief: Damages with interest; attorneys’ fees; court costs.
Potential Class Size: Hundreds or thousands of investors who acquired SolarWinds securities from Feb. 24, 2020, through Dec. 15, 2020.
Response: SolarWinds didn’t immediately respond to a Monday afternoon request for comment.
Attorneys: Rosen Law Firm PA and Steckler Wayne Cochran PLLC represent the investors.
The case is Bremer v. SolarWinds Corp., W.D. Tex., No. 21-cv-00002, complaint filed 1/4/21.