New York Carpenters Pension Fund Defeats Motions to Dismiss in SolarWinds Securities Class Action Lawsuit


The United States District Court for the Western District of Texas, Austin Division, recently denied in their entirety all but one of four motions to dismiss made by Defendants in the federal securities class action In Re SolarWinds Corporation Securities Litigation, 1:21-CV-138-RP, 2022 WL 958385 (W.D. Tex. Mar. 30, 2022) (“In Re SolarWinds”). The Section 10(b) securities fraud case concerns the now infamous SolarWinds cybersecurity breach. In brief, SolarWinds Corporation (“SolarWinds”), a publicly traded, Texas-based software company, was the victim of a significant cyberattack perpetrated by the Russian Foreign Intelligence Service (as formally named by the White House) whereby a malicious code was injected into SolarWinds’ ‘Orion’ software and sent by SolarWinds via a software update to its customers. The malicious code, which compromised thousands of computer systems across the globe and left them vulnerable to espionage and disruption, was sent to such U.S. government agencies as the National Nuclear Security Administration and the Treasury Department, as well as to such private companies as Microsoft and Deloitte. In response, the Biden Administration formally named the Russian Foreign Intelligence Service “as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform” as part of its broader Executive Order sanctioning Russia.[1]  Unsurprisingly, the cybersecurity breach led customers to abandon the software and caused SolarWinds’ stock to nosedive by 34%.[2] 

The New York City District Council of Carpenters Pension Fund, the Lead Plaintiff in the action (“Lead Plaintiff”), brought this securities class action against SolarWinds, Tim Brown (VP of Security Architecture during the Class Period; “Brown”), Kevin B. Thompson (CEO during the Class Period; “Thompson”), Silver Lake Group, LLC, Silver Lake Technology Management, LLC, and Thoma Bravo, LP (private equity firms that owned stock in SolarWinds). Lead Plaintiff alleged that “SolarWinds ‘falsely and misleadingly’ told investors that SolarWinds had a robust cybersecurity system and adhered to specific cybersecurity practices set forth in a ‘Security Statement’ on its website”, and otherwise misrepresented its security measures, as evident by a presentation given by Ian Thornton-Trump, a former SolarWinds Global Cybersecurity Strategist, to SolarWinds’ top executives where he “addressed SolarWinds’ deficient cybersecurity practices”, the public availability for one-and-a-half years of the password “solarwinds 123” for its Update Server (an issue which SolarWinds failed to disclose), and ten former employees of SolarWinds who stated that the company lacked a security information policy, security team, and password policy, among other pertinent security measures.[3] 

In its Decision, the Court denied all but one motion in its entirety – that of Thompson’s  , with leave given to amend the scienter allegations.[4]  Of note in the Decision is the Court’s holding with respect to that part of Brown and SolarWinds’ Motion to Dismiss that sought to dismiss the Complaint on the grounds that the Company’s risk disclosure statements adequately disclosed the risk of such a cyberattack and   therefore there could be no misstatement by omission. They relied on SEC filings in which the Company disclosed that Solarwinds  ‘could suffer a loss of revenue, and increased costs, exposure to significant liability if it experiences cyberattacks”.[5]  The Court rejected this argument and held that these disclosures do “not force the conclusion that their alleged statements were not false or misleading”, further noting that “Plaintiffs are not claiming Defendants’ statements commending their cybersecurity measures must have been false because the attack at issue occurred. Instead, they have alleged separate facts that the cybersecurity measures at the company were not as they were portrayed, such as the ‘solarwinds123’ password incident, the statements of former employees, and Thornton-Trump’s presentation.”[6] 

The Decision can be found here.

_________________________________

[1] Statements and Releases, The White House, FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government, Apr. 15, 2021, https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/ (last visited Apr. 12, 2022).

[2] For news articles supporting the facts set forth in this paragraph, see: Dina Temple-Raston, A ‘Worst Nightmare’ Cyberattack: The Untold Story of the SolarWinds Hack, NPR, Apr. 16, 2021, https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack> (last visited Apr. 12, 2022); and Isabella Jibilian and Katie Canales, The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal, Business Insider, Apr. 15, 2021, https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12 (last visited Apr. 11, 2022). See also In Re SolarWinds at *1.

[3] In Re SolarWinds at *2.

[4] The Court granted Defendant Thompson’s motion to dismiss on the grounds that Plaintiffs “failed to plead facts supporting a strong inference that he acted with scienter”, holding that “Plaintiffs plead no facts to suggest that Thompson held himself out as an authority on SolarWinds’ cybersecurity measures, other than to broadly allege he focused on cost savings at the expense of cybersecurity. In Re SolarWinds at *11.

[5] In Re SolarWinds at *8.

[6] In Re SolarWinds at *8 (italics emphasis original).

 

About Faruqi & Faruqi, LLP

Faruqi & Faruqi, LLP focuses on complex civil litigation, including securities, antitrust, wage and hour and consumer class actions as well as shareholder derivative and merger and transactional litigation. The firm is headquartered in New York, and maintains offices in California, Georgia and Pennsylvania.

Since its founding in 1995, Faruqi & Faruqi, LLP has served as lead or co-lead counsel in numerous high-profile cases which ultimately provided significant recoveries to investors, direct purchasers, consumers and employees.

To schedule a free consultation with our attorneys and to learn more about your legal rights, call our offices today at (877) 247-4292 or (212) 983-9330.

Tags: faruqi & faruqi, investigation, news, litigation, settlement notice, case, faruqi law, faruqi blog, faruqilaw, Thomas T. Papain, securities litigation Faruqi & Faruqi Faruqi & Faruqi

New York office
Tel: (212) 983-9330
Fax: (212) 983-9331

Finding us

Our Offices


Our offices are nationwide. If you have any questions about a case or our firm, please contact us.

New York

685 Third Avenue 26th Floor
New York, New York 10017
(212) 983-9330
(877) 247-4292
(212) 983-9331

California

1901 Avenue of the Stars Suite 1060
Los Angeles, California 90067
(424) 256-2884
(424) 256-2885

Georgia

3565 Piedmont Road NE Building Four, Suite 380
Atlanta, Georgia 30305
(404) 847-0617
(404) 506-9534

Pennsylvania

1617 JFK Boulevard, Suite 1550
Philadelphia, Pennsylvania 19103
(215) 277-5770
(215) 277-5771

Faruqi & Faruqi office in New York, New York

Faruqi & Faruqi office in Los Angeles, California

Faruqi & Faruqi office in Atlanta, Georgia

Faruqi & Faruqi office in Philadelphia, Pennsylvania