Lawsuit claims SolarWinds reportedly knew about cybersecurity issues before attack
SolarWinds saga (and the lawsuits) just fail to die
A section of SolarWinds investors have reportedly sued the software company's directors, alleging they knew about and failed to monitor the cybersecurity risks to the company ahead of last year’s breach that introduced a vulnerability in the systems of thousands of its downstream customers.
The massive cyber-espionage effort that tainted the software supply chain via a rigged update to SolarWinds software was discovered back in December 2020. Pinned on state-sponsored Russian hackers, the hack was found to have affected nine federal agencies, in addition to hordes of private-sector companies.
Reuters reports the latest lawsuit, led by a Missouri pension fund, alleges that the board of the software company was at fault for failing to implement procedures to monitor cybersecurity risks, such as requiring the company's management to report on those risks regularly.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
Ongoing saga
The lawsuit reportedly names a mix of current and former directors as defendants, and in addition to seeking damages is asking for SolarWinds to reform its policies on cybersecurity oversights, such as the one that led to last year’s incident.
A SolarWinds spokesperson told Reuters that the company does not comment on pending litigation, but noted that the company is focused on "deepening" customer relationships and "openly discussing our Secure by Design initiatives as we look to set the standard for secure software development."
The pension fund lawsuit is the latest in a string of reactions against the company as a direct result of last year’s widely reported breach.
For instance, SolarWinds has recent;y moved court to dismiss another lawsuit seeking damages for a decline in the company’s share price, shares Reuters, adding that the company is already cooperating with investigations into the software supply chain breach by the US Securities and Exchange Commission, the Department of Justice, and others.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Minimize the threat of Internet-borne attacks with the help of these best antivirus software
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.