SolarWinds Corporation

On December 13, 2020, Reuters reported hackers have been monitoring email traffic at the U.S. Treasury and Commerce departments. The hackers are believed to have breached the emails by deceptively interfering with updates released by SolarWinds, which services various government vendors in the executive branch, the military, and the intelligence services. 

On December 14, 2020, the Company disclosed that “a vulnerability [was inserted] within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.” The vulnerability was inserted in Orion products downloaded, as well as updates released, between March and June 2020. 

On this news, the Company’s stock price fell $3.93, or 17%, to close at $19.62 per share on December 14, 2020, thereby injuring investors.

Then, on December 15, 2020, Reuters reported that Vinoth Kumar, a security researcher, alerted the Company last year that anyone could access SolarWinds’ update server by using the password “solarwinds123.” The article also reported that co-founder of cybersecurity company Huntress, Kyle Hanslovan, noticed the malicious updates were still available for download even days after SolarWinds was aware their software was compromised.

On this news, the Company’s stock price fell $1.56, or 8%, to close at $18.06 per share on December 15, 2020, thereby injuring investors further. 

The complaint filed alleges that throughout the Class Period, Defendants made materially false and/or misleading statements, as well as failed to disclose material adverse facts about the Company’s business, operations, and prospects. Specifically, Defendants failed to disclose to investors that: (1) since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran; (2) SolarWinds' update server had an easily accessible password of 'solarwinds123'; (3) consequently, SolarWinds' customers, including, among others, the Federal Government, Microsoft, Cisco, and Nvidia, would be vulnerable to hacks; (4) as a result, the Company would suffer significant reputational harm; and (5) as a result, Defendants' statements about its business, operations, and prospects, were materially false and misleading and/or lacked a reasonable basis at all relevant times.