SolarWinds investors have sued the company's directors, alleging that they knew about the cyber security risks to the firm, but failed to implement or oversee any reasonable monitoring system ahead of the last year's massive hack.
The breach enabled threat actors to compromise at least nine US government agencies and hundreds of private firms after exploiting a security bug in SolarWind's software.
The derivative lawsuit was filed in Delaware Chancery Court by the Construction Industry Laborers Pension Fund, the Central Laborers' Pension Fund, and two individual SolarWinds investors on 4th November.
It names a mix of current and former directors as defendants, accusing them of turning a blind eye to widespread warnings before the hack about "heightened risk" of "supply chain" attacks on cybersecurity firms themselves.
"These oversight failures had grave consequences," it says.
The lawsuit seeks damages on behalf of the firm and to reform its policies on cyber-security oversight.
A SolarWinds spokesman told Bloomberg Law that the company does not comment on pending litigation, but the "action is similar to a purported derivative lawsuit filed earlier this year."
"More importantly, we continue to focus on deepening our relationships with customers and openly discussing our Secure by Design initiatives as we look to set the standard for secure software development," the spokesperson added.
SolarWinds has previously said it is cooperating with the US Securities and Exchange Commission (SEC), Department of Justice, and other agencies over investigations into the breach.
The company has also moved to dismiss another shareholder lawsuit seeking ..
Support the originator by clicking the read the rest link below.
