Without admitting any wrongdoing on its part, SolarWinds has agreed to a multi-million dollar settlement with shareholders over a lawsuit filed in the aftermath of the infamous cyber espionage campaign that came to light in December 2020.
Widely referred to as the SolarWinds attack or SolarWinds incident, the cyberattack spurred a shareholder lawsuitOpens a new window in January 2021 that alleged that the company misled them and lied about its security practices, including having a password as weak as solarwinds123 protecting a server.
Shareholders named the company, its CEO Kevin Thompson and CFO Barton Kalsu as defendants in the class-action lawsuit. According to SolarWinds’ 8-K filingOpens a new window with the Securities and Exchange Commission (SEC), the company has agreed to a $26 million settlement with its stockholders who acquired publicly traded SolarWinds equity between February 24, 2020, to December 15, 2020.
SolarWinds also revealed that it expects enforcement action, or in other words, a regulatory fine, from the SEC.
The settlement is pending approval from a judge. Once approved, the payment will also cover the legal fees of the plaintiffs’ counsel and the costs of administering the settlement, besides the $26 million.
See More: 250 U.S-Based Websites, Including News Agencies, Infected as TA569 Compromises the Ad Supply Chain
“The proposed settlement resolves all claims asserted against the Company and the other named defendants in connection with the class action litigation and would contain provisions that the settlement does not constitute an admission, concession, or finding of any fault, liability, or wrongdoing of any kind by the Company or any defendant,†SolarWinds stated in the filing.
The SolarWinds attack was a massive cyberattack that blew open the discourse around the gaps in the software supply chain. Perpetrated by a Russian nation-state group, it was discovered in December 2020 by Mandiant after stealthily conducting cyber espionage activities for months.
The incident involved threat actors compromising an update in SolarWinds Orion, a network monitoring tool employed by thousands of companies. Approximately 18,000 SolarWinds customers downloaded this malicious update that allowed hackers to set up backdoors to the systems of almost 100 organizations, including U.S. government entities.
Besides the security and tech-related ramifications, the widespread attack also had financial implications. On the day the SolarWinds Orion breach was disclosed, the company’s share price dropped by almost 40%. After a brief recovery in 2021, Solarwinds was trading at $8.61 on November 4, 2022, 65% less than its price before the disclosure.
Moreover, the fact that CEO Kevin Thompson sold $15 million worth of SolarWinds stock in November 2022 and Thoma Bravo and Silver Lake Technology Management (both with multiple members on the SolarWinds board) sold nearly $459 million worth of stock in December 2020 doesn’t paint a reassuring picture.
In response to the impending SEC action, probably a penalty, SolarWinds said it “maintains that its disclosures, public statements, controls and procedures were appropriate and will submit a response to the SEC staff’s position.â€
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
Image source: Shutterstock