On March 30, 2022, Judge Robert Pitman of the Western District of Texas dismissed most of the motion to dismiss the alleged class action lawsuit under the Securities Exchange Act of 1934 against the information technology company, some of its executives, and private equity. companies that owned the company’s securities. In the SolarWinds Corp. section. Litig., no. 1: 21-CV-138-RP (WD Tex. March 30, 2022). The applicants alleged that the company’s statements concerning its cyber security policies and procedures proved to be untrue and misleading following the disclosure of the breach. The court ruled that the applicants had reasonably alleged the falsity, scientificity and cause of the loss, with the exception of those of the CEO, whose allegations as to whom the court had granted the applicants permission to repeat.
The court ruled that the plaintiffs reasonably claimed that the company’s chief executive officer and vice president of security architecture had made incorrect allegations by allegedly reviewing and approving a “security statement” on the company’s website that allegedly misrepresented the company’s cyber policy and practices. security. . Slip Op. na 14-15, 21. In addition, the Court ruled that statements indicating that society was focusing on the “hygiene” of cyber security could be considered misleading in the context of “differences between the image projected by the speaker and reality on the ground.” Id. 16. The Court further ruled that the company’s disclosure of the risk of cyber attacks did not protect it, as the applicants did not merely point to the fact that a security breach had occurred, but rather “asserted the separate facts that the company’s cyber security measures were not what they portrayed. . ” Id. at 17.
The court also ruled that the applicants’ allegations concerning the vice president of the security architecture supported the strong conclusion of the scientist on his part, as he promoted the company’s security measures, posing as a “responsible and informed authority regarding [the company’s] cyber security measures ’. Id. 10. The Court ruled that allegations that the Vice-President had allowed a separate server vulnerability unrelated to the violation supported the scientist’s findings and that former staff’s statements regarding the lack of proper cyber security protocols were considered relevant, even though those staff did not work directly on security protocols. the company was not even associated with its security team. Id. at 11-12 o’clock The court noted that several of the disputed statements generally concerned the company’s employee practices and that an assessment of the facts would suggest that the vice president of security architecture “may have been aware” of whether the company’s security policies were being followed. Id. at 12-13 p.m.
As regards the managing director of the company, the Court agreed that the applicants had not sufficiently accused the scientist, as the applicants claimed that “there is no evidence that [the CEO] acted as an authority on [the company’s] cyber security measures ’. Id. 22. In addition, while the applicants alleged that the Director-General had sold more than 39% of his company’s shares shortly before the breach of security was published as evidence to scientists, the Court ruled that the Director-General had provided an acceptable competitive deduction – that he had previously announced its departure from the company and sold its shares in accordance with plan 10b5-1 implemented before the company became aware of the security breach. Id. at 23.
As to the cause of the loss, the defendants argued that the fall in stock prices following the detection of the breach could not be linked to any specific company practices. Id. at 6-19 p.m. However, the court ruled that the alleged remedial disclosures “at least indicate that the breach of security was more likely than not due to the company’s alleged lack of security”. Id. at 19.
The court also ruled that the plaintiffs reasonably claimed the supervisor’s liability to two private investment companies, each of which allegedly controlled 40% of the company. Id. at 25-26 o’clock Private equity firms argued that none of them were majority shareholders and their holdings should not be combined to derive majority control, but the Court ruled that the assessment of allegations of control was subject to a “relaxed” and “moderate” standard. . Id. v 26. The plaintiffs reasonably argued that the Court ruled that private equity companies “acted uniformly, bought and [c]ompany private together ”and then“ joint re-disclosure of the company ”,“ retention of the same number of shares of the company ”and then sale of shares after the IPO of the company“ together, on the same day and in almost equal quantities ”. Id.
Links and downloads –
In the SolarWinds Corp. section. Litig.