Cybersecurity

Investor launches class-action lawsuit against SolarWinds over hack

SolarWinds Headquarters entrance By Travel_with_me shutterstock ID: 1875241378 

SolarWinds' corporate headquarters in Austin, Texas. (Image credit: Travel_with_me/Shutterstock.com)

An investor in SolarWinds today filed a class-action lawsuit against the company and two top executives claiming SolarWinds made "materially false and misleading statements" about their security measures.

The plaintiff, Timothy Bremer, who filed the suit in a district court in Texas, cites reporting by Reuters that stated a security researcher alerted the company that its update server could be breached using the password "solarwinds123." The story also quotes a separate cybersecurity executive saying, "days after SolarWinds realized their software had been compromised, the malicious updates were still available for download."

Despite this, the lawsuit claims, SolarWinds executives did not disclose the vulnerability to the public or its customers.

The lawsuit names the company, Kevin Thompson, the chief executive officer, and J. Barton Kalsu, the chief financial officer, as defendants.

Shortly after the breach in SolarWinds Orion, an IT management software, became public in December, the company said in an SEC filing it believes up to 18,000 of its customers may have downloaded the malicious code.

Microsoft and Cybersecurity firm FireEye have both been investigating the ongoing breach that compromised multiple federal agencies. Those companies have estimated about 40 and 50 organizations, respectively, were actively victimized by hackers.

The New York Times reported over the weekend the intelligence community now believes the hack "affected upward of 250 federal agencies and businesses."

Microsoft declined to comment on its previous estimate.

A spokeswoman for FireEye today declined to provide an updated figure. "There are a number of estimates going around based on different visibility. These should be viewed still as estimates at this point and variance is normal," she added.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected