A SolarWinds shareholder has filed a class action lawsuit in the U.S. District Court for the Western District of Texas on Monday against the company's president, Kevin Thompson, and chief financial officer, J. Barton Kalsu, claiming the executives violated federal securities laws under the Securities Exchange Act of 1934.
The lawsuit alleges SolarWinds leadership “misrepresented and failed to disclose” information about the company's recent hack, causing a "precipitous decline in the market value of the Company’s securities" which resulted in "significant losses and damages" to investors who purchased shares between between Feb. 24 and Dec. 15, 2020.
The suit sstates that SolarWinds either misrepresented or failed to disclose to shareholders that the company's Orion monitoring products had a vulnerability since mid-2020 that allowed hackers to compromise the product's server and that SolarWinds’ update server had an easily accessible password of ‘solarwinds123’ that would leave customers, including the federal government, Microsoft, Cisco, and Nvidia vulnerable to hacks.
In addition, the misleading statements caused the company and its shareholders to suffer "signifcaint reputational harm" and "artificially inflated" SolarWinds market price.
Shareholders claim that executives had "actual knowledge of the material omissions and/or the falsity of the material statements" and intended to "deceive Plaintiff and the other members of the Class, or, in the alternative, acted with reckless disregard for the truth when they failed to ascertain and disclose the true facts in the statements made by them or other SolarWinds personnel to members of the investing public."
"Had Plaintiff and the other members of the Class been aware that the market price of SolarWinds securities had been artificially and falsely inflated by Defendants’ misleading statements and by the material adverse information which Defendants did not disclose, they would not have purchased SolarWinds securities at the artificially inflated prices that they did, or at all," the lawsuit adds. "As officers and/or directors of a publicly owned company, the Individual Defendants had a duty to disseminate accurate and truthful information with respect to SolarWinds’s business practices, and to correct promptly any public statements issued by SolarWinds which had become materially false or misleading."
The lawsuit is seeking unspecified damages for "reasonable costs and expenses incurred", including counsel and expert fees, as well as any additional relief the court deems appropriate.
In addition to shareholders, at least 18,000 SolarWinds customers were affected by the hack, including many Fortune 500 companies and numerous government agencies. U.S. intelligence officials have blamed Russia, but the Kremlin has denied involvement.
A SolarWinds spokesperson did not comment on the lawsuit directly, but told FOX Business it is "solely focused on helping the industry and our customers understand and mitigate this attack," noting that it quickly released updates to customers that it believes will "close the vulnerability."
"We are collaborating closely with federal law enforcement and intelligence agencies to investigate the full scope of this unprecedented attack, including whether it was backed by the resources of a foreign government," the spokesperson added. "We are also working with industry-leading third-party cybersecurity experts to assist in investigating, mitigating and remediating this attack."
In addition, the company said it has taken a number of steps to further secure its network and products, including through advanced endpoint detection and monitoring tools.
The company's stock has dropped more than 34% since news of the attack broke. In addition, the likes of Truist Securities and Baird have both downgraded SolarWinds stock from a buy to hold with both also anticipating stock price targets dropping to around $15. The stock closed at $14.53 per share at the end of Monday's trading session.
Fox Business' Paul Best contributed to this report.