SolarWinds investors allege board was aware of cyber risks

Nov. 5 (Reuters) – Investors in SolarWinds Corp (SWI.N) sued the directors of the software company, alleging they knew and did not monitor cybersecurity risks to the company before a breach that created a vulnerability in thousands of its customers’ systems.

The lawsuit filed in Delaware on Thursday appears to be the first based on records demanded by the company’s shareholders after Reuters reported last December that malicious code inserted into one of the company’s software updates left government agencies and US businesses exposed.

The lawsuit names a mix of current and former directors as defendants.

A spokesperson for SolarWinds said the company is not commenting on pending litigation, but noted that it is focused on “deepening” customer relationships and “openly discussing our Secure by Design initiatives as we seek to set the standard for the development of secure software “.

Led by a Missouri pension fund, investors allege the board failed to implement procedures to monitor cybersecurity risks, such as requiring company management to report regularly on these risks.

They are seeking damages on behalf of the company and reforming company policies on cybersecurity oversight.

The lawsuit is the latest consequence of the SolarWinds software breach, which gave hackers access to data from thousands of companies and government offices that used its products and which US officials attributed to Russia.

SolarWinds has said it is cooperating with investigations into the violation by the United States Securities and Exchange Commission, the Department of Justice and others. The company decided to dismiss another shareholder lawsuit seeking damages for a drop in its share price.

Reporting by Jody Godoy in New York; additional reporting by Sierra Jackson Editing by Noeleen Walder and Matthew Lewis

Our standards: Thomson Reuters Trust Principles.

Margie D. Carlisle