Lawsuit claims SolarWinds reportedly knew about cybersecurity issues before attack

Image depicting a hand on a scanner
(Image credit: Pixabay)

A section of SolarWinds (opens in new tab) investors have reportedly sued the software company's directors, alleging they knew about and failed to monitor the cybersecurity (opens in new tab) risks to the company ahead of last year’s breach that introduced a vulnerability in the systems of thousands of its downstream customers. 

The massive cyber-espionage effort (opens in new tab) that tainted the software supply chain via a rigged update to SolarWinds software was discovered back in December 2020. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to hordes of private-sector companies.

Reuters (opens in new tab) reports the latest lawsuit, led by a Missouri pension fund, alleges that the board of the software company was at fault for failing to implement procedures to monitor cybersecurity risks, such as requiring the company's management to report on those risks regularly.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

Ongoing saga

The lawsuit reportedly names a mix of current and former directors as defendants, and in addition to seeking damages is asking for SolarWinds to reform its policies on cybersecurity oversights, such as the one that led to last year’s incident.

A SolarWinds spokesperson told Reuters that the company does not comment on pending litigation, but noted that the company is focused on "deepening" customer relationships and "openly discussing our Secure by Design initiatives as we look to set the standard for secure software development."

The pension fund lawsuit is the latest in a string of reactions against the company as a direct result of last year’s widely reported breach. 

For instance, SolarWinds has recent;y moved court to dismiss another lawsuit seeking damages for a decline in the company’s share price, shares Reuters, adding that the company is already cooperating with investigations into the software supply chain breach by the US Securities and Exchange Commission, the Department of Justice, and others. 

Minimize the threat of Internet-borne attacks with the help of these best antivirus software (opens in new tab)

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.