First Securities Class Action Complaint Filed In 2021 Following Disclosure Of Cyberattack On SolarWinds Corporation

On January 4, 2021, a putative securities class action complaint was filed in the United States District Court for the Western District of Texas against SolarWinds Corporation (“SolarWinds”), SolarWinds’ CEO and CFO.[1]  This is the first securities class action lawsuit to be brought in 2021, and it underscores the continued significance of cybersecurity issues for public companies, having been initiated shortly after SolarWinds disclosed it was the victim of a cyberattack.  The SolarWinds complaint, and its implications, are discussed below.  


Public companies that experience cybersecurity incidents are increasingly targeted for securities class action lawsuits.  These cases face a high pleading threshold and most do not survive the motion to dismiss stage.  Nonetheless, plaintiffs will continue to seek to hold companies accountable under the securities laws following a cybersecurity breach. 


SolarWinds is a Delaware company that provides information technology (“IT”) infrastructure management software products in the United States and internationally.  It offers products to monitor and manage network, system, desktop, application, storage, and database and website infrastructures, on premise, via cloud or in a hybrid IT infrastructure.

On December 13, 2020, Reuters reported that hackers alleged to be working for the Russian government had gained access to emails at the U.S. Treasury and Commerce departments by interfering with SolarWinds’ software updates.  SolarWinds filed an 8-K with the SEC on December 14, 2020, disclosing a cyberattack that was “likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”  SolarWinds’ shares then fell 17% on December 14, 2020.  On December 15, 2020, Reuters further reported SolarWinds had knowledge that “anyone could access SolarWinds’ update server by using the password ‘solarwinds123’” and that the “malicious updates were still available for download” days after SolarWinds realized its software had been compromised.  SolarWinds’ stock price then fell an additional 8%.    

The complaint, filed on behalf of investors who acquired SolarWinds stock from February 24, 2020 through December 15, 2020, asserts claims under Section 10(b) and Rule 10b-5, as well as Section 20(a) of the Securities Exchange Act of 1934.  It alleges that SolarWinds’  2019 10-K and 2020 10-Q statements were false or misleading due to the failure to disclose the vulnerability of SolarWinds’ products and servers to hackers. 


The SolarWinds putative class action complaint indicates plaintiff attorneys will continue to target public companies that experience cybersecurity incidents in 2021.  If the SolarWinds complaint remains operative, it is unlikely to withstand a motion to dismiss because, among other deficiencies, the allegations as to scienter probably fall short of applicable federal pleading standards.  Nonetheless, the complaint is emblematic of the type of securities lawsuits filed in response to cybersecurity incidents observed in recent years that are likely to endure in 2021.   

[1] Bremer v. SolarWinds Corporation et al., No. 1:21-cv-00002 (W.D. Tex. Jan. 4, 2021).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Seyfarth Shaw LLP | Attorney Advertising

Written by:

Seyfarth Shaw LLP

Seyfarth Shaw LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide