Investors Sue SolarWinds Directors Over Security Breach

A group of investors has filed a lawsuit against SolarWinds’ directors, maintaining they could have prevented an attack that led to the compromise of thousands of companies and several branches of the US government.

The lawsuit, filed in Delaware and led by a Missouri pension fund, appears to be the first based on records shareholders demanded from the company in the wake of the hack, which came to light in December 2020.

The suit names a list of current and former directors as defendants.

The investors allege the board failed to implement procedures that could have prevented the attack from taking place, such as requiring the company’s management to regularly report on cybersecurity risks.

Image credit: Microsoft

Massive breach

The plaintiffs are seeking damages on behalf of the company and a reform in SolarWinds’ policies on cybersecurity oversight.

SolarWinds has said it is cooperating with investigations into the breach by the US Securities and Exchange Commission, the Department of Justice and others.

The company has moved to dismiss another shareholder lawsuit seeking damages for a decline in its share price.

The hack has led to an overhaul of US government cybersecurity measures this year, with President Joe Biden last week ordering federal agencies to fix hundreds of vulnerabilities in their computer systems within a six-month period.

Microsoft said late last month that the hacking group behind the attack, which it calls Nobelium, has stepped up its attacks this year and is now targeting technology resellers, including companies that resell cloud services.

Further attacks

It said Nobelium is seeking to impersonate technology firms companies regularly deal with in order to gain unauthorised access to their systems.

The current campaign began in May of this year, and at least 14 resellers and service providers have been compromised, Microsoft said.

Microsoft said it had issued more than 22,000 warnings to customers over Nobelium attacks from 1 July to 19 October of this year, compared to 20,000 warnings for all attacks by nation-state hacking groups for the previous three years.

The US government has identified Nobelium as working on behalf of the Russian foreign intelligence service, the SVR. Russia has denied involvement.

Microsoft said in June that Nobelium had stolen some “basic” customer information from Microsoft’s own technical support agents.

After publishing this article we just receive a statement from SolarWind spokesperson:

“We do not comment on pending litigation, but this action is similar to a purported derivative lawsuit filed earlier this year. More importantly, we continue to focus on deepening our relationships with customers and openly discussing our Secure by Design initiatives as we look to set the standard for secure software development.”
Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago