A section of SolarWinds investors have reportedly sued the software company’s directors, alleging they knew about and failed to monitor the cybersecurity risks to the company ahead of last year’s breach that introduced a vulnerability in the systems of thousands of its downstream customers.
The massive cyber-espionage effort that tainted the software supply chain via a rigged update to SolarWinds software was discovered back in December 2020. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to hordes of private-sector companies.
Reuters reports the latest lawsuit, led by a Missouri pension fund, alleges that the board of the software company was at fault for failing to implement procedures to monitor cybersecurity risks, such as requiring the company’s management to report on those risks regularly.
The lawsuit reportedly names a mix of current and former directors as defendants, and in addition to seeking damages is asking for SolarWinds to reform its policies on cybersecurity oversights, such as the one that led to last year’s incident.
A SolarWinds spokesperson told Reuters that the company does not comment on pending litigation, but noted that the company is focused on “deepening” customer relationships and “openly discussing our Secure by Design initiatives as we look to set the standard for secure software development.”
The pension fund lawsuit is the latest in a string of reactions against the company as a direct result of last year’s widely reported breach.
For instance, SolarWinds has recent;y moved court to dismiss another lawsuit seeking damages for a decline in the company’s share price, shares Reuters, adding that the company is already cooperating with investigations into the software supply chain breach by the US Securities and Exchange Commission, the Department of Justice, and others.
Minimize the threat of Internet-borne attacks with the help of these best antivirus software