Investor launches class-action lawsuit against SolarWinds over hack

SolarWinds' corporate headquarters in Austin, Texas. (Image credit: Travel_with_me/Shutterstock.com)

An investor in SolarWinds today filed a class-action lawsuit against the company and two top executives, claiming SolarWinds made "materially false and misleading statements" about its security measures.

The plaintiff, Timothy Bremer, who filed the suit in a district court in Texas, cites reporting by Reuters that stated a security researcher alerted the company that its update server could be breached using the password "solarwinds123." The story also quotes a separate cybersecurity executive saying, "days after SolarWinds realized their software had been compromised, the malicious updates were still available for download."

Despite this, the lawsuit claims, SolarWinds executives did not disclose the vulnerability to the public or its customers.

The lawsuit names the company, Kevin Thompson, the chief executive officer, and J. Barton Kalsu, the chief financial officer, as defendants.

Shortly after the breach in SolarWinds Orion, an IT management software, became public in December, the company said in an SEC filing it believes up to 18,000 of its customers may have downloaded the malicious code.

Microsoft and cybersecurity firm FireEye have both been investigating the ongoing breach that compromised multiple federal agencies. Those companies have estimated that about 40 and 50 organizations, respectively, were actively victimized by hackers.

The New York Times reported over the weekend the intelligence community now believes the hack "affected upward of 250 federal agencies and businesses."

Microsoft declined to comment on its previous estimate.

A spokeswoman for FireEye today declined to provide an updated figure. "There are a number of estimates going around based on different visibility. These should be viewed still as estimates at this point and variance is normal," she added.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.
