Skip to main content

Lawsuit claims SolarWinds reportedly knew about cybersecurity issues before attack

Image depicting a hand on a scanner
(Image credit: Pixabay)

A section of SolarWinds investors have reportedly sued the software company's directors, alleging they knew about and failed to monitor the cybersecurity risks to the company ahead of last year’s breach that introduced a vulnerability in the systems of thousands of its downstream customers. 

The massive cyber-espionage effort that tainted the software supply chain via a rigged update to SolarWinds software was discovered back in December 2020. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to hordes of private-sector companies.

Reuters reports the latest lawsuit, led by a Missouri pension fund, alleges that the board of the software company was at fault for failing to implement procedures to monitor cybersecurity risks, such as requiring the company's management to report on those risks regularly.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Ongoing saga

The lawsuit reportedly names a mix of current and former directors as defendants, and in addition to seeking damages is asking for SolarWinds to reform its policies on cybersecurity oversights, such as the one that led to last year’s incident.

A SolarWinds spokesperson told Reuters that the company does not comment on pending litigation, but noted that the company is focused on "deepening" customer relationships and "openly discussing our Secure by Design initiatives as we look to set the standard for secure software development."

The pension fund lawsuit is the latest in a string of reactions against the company as a direct result of last year’s widely reported breach. 

For instance, SolarWinds has recent;y moved court to dismiss another lawsuit seeking damages for a decline in the company’s share price, shares Reuters, adding that the company is already cooperating with investigations into the software supply chain breach by the US Securities and Exchange Commission, the Department of Justice, and others. 

Minimize the threat of Internet-borne attacks with the help of these best antivirus software

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.