SolarWinds Misled Investors Ahead of Server Hack, Suit Says (1)

SolarWinds Corp. misled investors about product vulnerabilities that allowed hackers to pass malware to multiple clients, including Microsoft and the federal government, a would-be class suit filed Monday in federal court in Texas says.

The technology company purportedly failed to disclose how its update server had a simple, easily accessible password, the complaint filed in the U.S. District Court for the Western District of Texas says.

SolarWinds warned investors of the risk of a security breach or disruption in multiple Securities and Exchange Commission filings in 2019 and 2020. But it didn’t disclose that its Orion monitoring products had been vulnerable “since mid-2020,” the investor suit says.

The company suffered “significant reputational harm,” according to the complaint. SolarWinds’s stock price closed down 17% after the hack’s initial revelation Dec. 14, and another dropped 8% after a story the next day revealed how anyone with the password “solarwinds123" was able to access the update server, the suit says.

Causes of Action: Exchange Act §10(b)—Using a manipulative or deceptive device or contrivance for a securities transaction in violation of SEC rules (15 U.S.C. §78j); SEC Rule 10b-5—Employing a device, scheme, or artifice to defraud, making untrue statements or omitting facts, or engaging in any act, practice, or course of business which operates as a fraud or deceit (17 C.F.R. §240.10b-5).

Relief: Damages with interest; attorneys’ fees; court costs.

Potential Class Size: Hundreds or thousands of investors who acquired SolarWinds securities from Feb. 24, 2020, through Dec. 15, 2020.

Response: SolarWinds didn’t immediately respond to a Monday afternoon request for comment.

Attorneys: Rosen Law Firm PA and Steckler Wayne Cochran PLLC represent the investors.

The case is Bremer v. SolarWinds Corp., W.D. Tex., No. 21-cv-00002, complaint filed 1/4/21.