NEW YORK (REUTERS) – SolarWinds investors have sued the software company’s directors, alleging they knew about and failed to monitor cyber-security risks to the company ahead of a breach that created a vulnerability in thousands of its customers’ systems.
The lawsuit filed in Delaware last Thursday (Nov 4) appears to be the first based on records shareholders demanded from the company after Reuters reported last December that malicious code inserted into one of the company’s software updates left United States government agencies and companies exposed.
The lawsuit names a mix of current and former directors as defendants.
A SolarWinds spokesman said the company does not comment on pending litigation, but noted it is focused on “deepening” customer relationships and “openly discussing our Secure by Design initiatives as we look to set the standard for secure software development”.
Led by a Missouri pension fund, the investors allege that the board failed to implement procedures to monitor cyber-security risks, such as requiring the company’s management to report on those risks regularly.
They are seeking damages on behalf of the company and to reform its policies on cyber-security oversight.
The lawsuit is the latest fallout over the breach of SolarWinds’ software that gave hackers access to the data of thousands of companies and government offices which used its products and that US officials have attributed to Russia.
SolarWinds has said it is cooperating with investigations into the breach by the US Securities and Exchange Commission, Department of Justice and others. The company has moved to dismiss another shareholder lawsuit seeking damages for a decline in its share price.