A man named Timothy Bremer has filed a class-action against the CEO and CFO of SolarWinds, a U.S. company offering information technology monitoring and management tools.
Bremer’s lawsuit accuses CEO Kevin B. Thompson and CFO J. Barton Kalsu of allegedly making false statements leading up to the December 2020 discovery that vulnerabilities in SolarWinds’ software had allowed Russian hackers to access accounts of over 250 federal agencies and businesses.
Bremer filed the suit on behalf of people and entities that purchased or otherwise acquired publicly traded SolarWinds stock from February 24 to December 15. The suit alleges that Thompson and Kalsu allowed the company to release “materially false and misleading” statements and public documents that influenced stockholders to keep their stock even as the company began realizing software vulnerabilities that led to the massive hack.
Specifically, Bremer alleges that Thompson and Kalsu repeatedly signed off on a misleading passage from the company’s 2019 Form 10-K, an annual report required by the U.S. Securities and Exchange Commission (SEC) that comprehensively summarizes a company’s financial performance.
A man named Timothy Bremer has filed a class action lawsuit seeking damages from individuals affected by the massive SolarWinds hack which occurred in March 2020 but was not widely discovered until December. In this January 23, 2018 photo, a person works at a computer during the 10th International Cybersecurity Forum in Lille, France. Phillippe Huguen / AFP/Getty
The passage, which was also included in the company’s Form 10-Qs, a quarterly financial performance report required by the SEC, addressed the company’s risk assessment on cybersecurity measures.
It said that cybersecurity attacks, which increase and become more sophisticated over time, could exploit “bugs”, design and manufacturing defects as well as other problems to inflict “damage to our own systems or our customers’ IT infrastructure or the loss or theft of our or our customers’ proprietary or other sensitive information.”
Bremer’s suit states that the passage was “misrepresented and failed to disclose… adverse facts” such as that “since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran” and that “SolarWinds’ update server had an easily accessible password of ‘solarwinds123’.”
Thompson and Kalsu, Bremer claims, should have known that those two facts would’ve made SolarWinds’ biggest business and federal agents vulnerable to hacks, and thus, likely to harm the company’s reputation and its stock price. Not revealing these issues to stockholders, Bremer claims, constitutes securities fraud and caused stockholders to lose money that they might have otherwise saved.
Bremer’s suit asks the court to help determine the extent that the alleged factual omissions may have violated the law, the degree of Thompson and Kalsu’s involvement in the company’s public statements and the degree of financial recompense that Bremer and other stockholders should be entitled to.
Newsweek contacted SolarWinds for comment.