SolarWinds investors are suing the software company’s directors, claiming they were aware of the company’s cybersecurity risks before the breach, created vulnerabilities, and failed to monitor, thousands of the company’s customer systems.
The lawsuit was filed in Delaware on Thursday after Reuters announced last December that it was the first lawsuit based on the company’s fugitive record that apparently leaked malicious code into one of the company’s software updates, exposing US government agencies and companies.
The case has a mix of current and former directors as defendants.
A Solarwinds spokesperson said the company does not comment on pending lawsuits, but is focused on “deepening” customer relationships and “openly discussing our Secure by Design initiative with a view to setting the standard for secure software development.”
Under the direction of the Missouri Pension Fund, investors claim that the board has not implemented any procedures to monitor cybersecurity risks, such as requiring management to regularly report on those risks.
They are pushing for changes in company compensation and cybersecurity monitoring policies on behalf of the company.
The case is the latest in a series of Solarwinds software breaches that have given hackers access to the data of thousands of companies and government agencies that have used its products, US officials have linked to Russia.
SolarWinds said it was working with the US Securities and Exchange Commission, the Department of Justice and others to investigate the breach. The company rejected the second lawsuit from interested parties and demanded compensation for the price reduction.