SolarWinds says shareholders' cyber disclosure lawsuit fails

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. REUTERS/Sergio Flores
  • Lawsuit claims investors misled before 2020 breach revelation
  • Company says market was warned of security risks
  • Two biggest shareholders were also sued, seek to dismiss claims

(Reuters) - SolarWinds Corp urged a Texas federal judge to dismiss a lawsuit alleging the software company that was targeted by hackers misled shareholders about its cybersecurity measures ahead of a massive breach.

The Austin-based company said in a motion to dismiss the proposed class action on Monday that it had never claimed to be immune to cyberattacks, and that the lawsuit failed to allege how statements about the company's cybersecurity measures were false.

"The cyberattack and the ensuing decline in SolarWinds’ stock price were materializations of risks about which the company explicitly and repeatedly warned investors," SolarWinds said.

Attorneys for the New York pension fund leading the litigation declined to comment on Tuesday.

In December, U.S. regulators found that a breach of SolarWinds' software by a foreign actor gave hackers access to the data of thousands of companies and government offices that used its products.

The United States and Britain have blamed Russia's Foreign Intelligence Service for the hack that compromised nine U.S. federal agencies and hundreds of U.S. private sector companies.

Investors sued SolarWinds early this year, alleging the company and two executives touted cybersecurity measures publicly while prioritizing cost cutting and profit for SolarWinds' two largest investors.

The pension fund's complaint cites anonymous former employees who claimed the company lacked internal cybersecurity personnel, policies and training.

It claimed those decisions were part of former chief executive Kevin Thompson's attempt to cut costs and drive profits for Silver Lake and Thoma Bravo, which each held around 40% of SolarWinds' stock.

Thompson and the two private equity firms separately moved to dismiss the claims against them on Monday.

The private investors argued their separate stakes in the company and appointment of three members each to its ten-member board did not make them "control persons" under U.S. securities law.

The lawsuit contained no allegations that they exercised control over the software company's operations or cybersecurity disclosures, they said.

Thompson's motion called the allegation about his motives "incoherent" and said the lawsuit failed to allege he made misstatements.

The case is In re SolarWinds Corporation Securities Litigation, U.S. District Court, Western District of Texas, No. 21-00138.

For the proposed class: John Rizio-Hamilton, Jonathan Uslaner, Benjamin Horowitz and Thomas Sperber of Bernstein Litowitz Berger & Grossmann

For SolarWinds and executives: Paul Bessette, Michael Biles, Saliya Subasinghe and Jessica England of King & Spalding

Additional counsel for Thompson: Peter Welsh, Thomas Brown and Kathryn Caldwell of Ropes & Gray

For Silver Lake: Jesse Weiss of Edmundson Shelton Weiss and Sameer Advani and Wesley Powell of Willkie Farr & Gallagher

For Thoma Bravo: Anna Rotman, Sandra Goldstein, Stefan Atkinson and Byron Pacheco of Kirkland & Ellis

Read More:

SolarWinds shareholders sue over cybersecurity disclosures

U.S. SEC probing SolarWinds clients over cyber breach disclosures -sources

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Jody Godoy reports on banking and securities law. Reach her at