Image courtesy; The Guardian
Investors in SolarWinds Corp (SWI.N) have sued the software company’s directors, alleging that they were aware of and failed to manage cybersecurity threats prior to a hack that exposed thousands of its customers’ systems.
The action, which was filed in Delaware on Thursday, appears to be the first based on information demanded by shareholders after Reuters reported last December that malicious code injected into one of the company’s software updates exposed US government agencies and businesses.
A number of current and previous directors are named as defendants in the complaint.
SolarWinds is focused on “deepening” client relationships and “openly discussing our Secure by Design activities as we aim to set the benchmark for secure software development,” according to a spokeswoman.
The investors, represented by a Missouri pension fund, claim that the board of directors failed to create measures to monitor cybersecurity risks, such as forcing management to report on those risks on a regular basis.
They are suing on behalf of the corporation for damages and to modify the company’s cybersecurity policy.
The action is the latest repercussion of the SolarWinds software breach, which provided hackers access to the data of thousands of companies and government agencies that used the company’s products and was blamed on Russia by US officials.
SolarWinds has stated that the company is collaborating with the US Securities and Exchange Commission, Department of Justice, and other inquiries into the incident. Another shareholder complaint claiming damages for a drop in the business’s stock price has been dismissed by the corporation.