SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.
A class-action lawsuit filed against SolarWinds and some of its executives accuses the company of lying and misleading shareholders about its security posture in the year leading up to its disclosure of a massive breach affecting public and private entities.
The suit was filed by shareholders and names SolarWinds, in addition to outgoing CEO Kevin Thompson and CFO Barton Kalsu, as defendants. It alleges Thompson and Kalsu, who were involved with the company’s daily operations and had access to proprietary data, made false and misleading statements to the Securities and Exchange Commission throughout last year.
The complaint states that SolarWinds “failed to disclose the following adverse facts pertaining to the Company’s business, operations, and prospects, which were known to Defendants or recklessly disregarded by them.”
It continues to say SolarWinds failed to disclose that since mid-2020, its Orion monitoring tools had a vulnerability that enabled attackers to compromise the server on which its products ran. It also notes the company’s update server had an easily accessible password of “solarwinds123.” Consequently, SolarWinds customers would be vulnerable to hacks and, as a result, the company would suffer “significant reputational harm,” the suit states.
“As a result, Defendants’ statements about SolarWinds’s business, operations and prospects were materially false and misleading and/or lacked a reasonable basis at all relevant times,” according to the suit.
Read more details here.