The Washington PostDemocracy Dies in Darkness

Canada’s largest pension fund bought SolarWinds stake days before hacking disclosure, stock plunge

Experts say the deal, which caused the Canadian pension fund to lose over $100 million in two weeks, is likely to be reviewed for insider trading.

SolarWinds headquarters in Austin. (Reuters/Sergio Flores)

For decades, Canada built a reputation as a savvy investor of its public pension plans, deploying billions of dollars to acquire lucrative stakes in tech start-ups, media giants and retailers.

This month, the country’s largest pension fund lost $100 million on a single deal after the ink had barely dried.

The Canada Pension Plan Investment Board (CPPIB) was the unlucky recent buyer of a 5 percent stake in SolarWinds, the Texas-based business software maker that was compromised by a far-reaching Russian espionage attack discovered this month. The largest shareholders in SolarWinds agreed to sell CPPIB the stake for $315 million on Dec. 7, just days before the tech company’s public disclosure of the hack crushed its stock price more than 20 percent.

SolarWinds and its two biggest shareholders, Silver Lake and Thoma Bravo, have said they first learned of the security breach after the agreement was reached, chalking the stock loss up to unfortunate timing on the part of the Canadians.

Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealedbefore

But legal experts say the transaction is likely to be scrutinized by U.S. securities regulators, who will try to determine whether the investors withheld information about the possibility of a hack before unloading their stakes in SolarWinds. Additionally, CPPIB is likely to investigate whether Silver Lake and Thoma Bravo broke the terms of their contract by failing to disclose any known risks of a cybersecurity breach, said Joshua Mitts, an associate professor of law at Columbia University who researches corporate disclosures.

Specifically, investigators will seek evidence of when the stock deal was arranged and how the investors pitched the opportunity to CPPIB, Mitts said. They probably will also examine claims by a former SolarWinds adviser who said he resigned from his role at the company in 2017 because it refused to address its vulnerabilities to cyberattacks.

If Silver Lake and Thoma Bravo knew of these or other security concerns and failed to disclose them before the stock sale, “that could rise to a breach-of-contract claim,” Mitts said.

Shares in SolarWinds hit an eight-month low of $14.18 on Dec. 18, down 40 percent since CPPIB purchased shares less than two weeks earlier. As of Wednesday, CPPIB had lost about $113 million on the investment.

The embarrassing financial loss may strain the relationship between the Canadian pension investors and Silver Lake, longtime partners that have worked together on a string of successful tech deals. The pair teamed up to buy a majority stake in Skype for about $2 billion in 2009, flipping the Web video calling service to Microsoft for more than three times that price after less than two years.

Michel Leduc, senior managing director at CPPIB, said in an emailed statement that “to the best of our knowledge no one was aware of the hack leading to our capital commitment.” He added, however, that CPPIB is “always focused on the very best interests of the fund and we will continue to assess the circumstances for optimal certainty.”

Spokesmen for Silver Lake and Thoma Bravo declined to comment for this story.

Before the revelations of Russian hacking, the SolarWinds stock sale appeared to be a routine transaction.

Silver Lake and Thoma Bravo, who partnered to buy out SolarWinds in 2014, took the company public in 2018 and gradually began selling off their shares. This is common practice for private equity firms, which tend to cash out their investments in companies within a few years of taking them public, said Ludovic Phalippou, an economics professor at Oxford’s Said School of Business and an author of books on private equity.

Rather than sell shares on the open market, the investors commonly hire a banker to help them find a large institutional investor that can afford to buy a block of shares and hold them for many years, Phalippou said.

Canada Pension Plan, with more than $400 billion under management, is one of the largest pension funds in the world. It manages public funds but is operated independently from the Canadian government. CPPIB has invested more than $4 billion in Silver Lake and Thoma Bravo funds since 2004, according to its website.

The SolarWinds stock deal was agreed to on Dec. 7. Two days later, in a news release announcing a change in the company’s chief executive, SolarWinds identified Canada Pension Plan as its newest 5 percent shareholder. A regulatory filing said the buyer paid $21.97 per share, a 6 percent discount to that day’s closing share price.

The investors declined to share a copy of the investment contract or discuss details about the deal, such as when the negotiations took place and whether cybersecurity threats were discussed.

Neither SolarWinds, SilverLake nor Thoma Bravo have said definitively when they first learned of the cyberattack. Representatives from all three firms have pointed to the timeline laid out in a SolarWinds regulatory filing, which said that on Dec. 12, the company’s CEO was “advised by an executive at [cybersecurity firm] FireEye of a security vulnerability” in its software. The statement strongly suggests, but does not explicitly say, that was the first time SolarWinds knew about the attack.

Because of their shared history and CPPIB’s growing influence over the investment world, Silver Lake and Thoma Bravo would be taking a major risk if they deliberately sold the Canadians on a bad deal, Phalippou said. “CPPIB is the most famous institutional investor in the world,” he said. “If you’re going to screw someone, it would probably be the wrong person to screw.”

DIH, State and NIH join list of federal agencies hacked in major Russian cyberespionage campaign

But at least some insiders at SolarWinds were aware of their software’s vulnerability to a cyberattack long before the Russians gained access to their systems.

Ian Thornton-Trump, who began working as a cybersecurity adviser to SolarWinds in 2014, said he confronted executives at the company about its vulnerability years ago.

“My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,” Thornton-Trump said in an interview with Bloomberg this month. He said he resigned from SolarWinds in 2017, after leadership refused to act on his recommendations, including hiring a director of cybersecurity.

Thornton-Trump confirmed that account to The Washington Post but declined to comment further on his time at SolarWinds. It’s unclear whether Silver Lake or Thoma Bravo, which control 70 percent of the company and six of its board seats, were ever briefed on his concerns.

In an emailed statement, SolarWinds spokesman Ryan Toohey said the company is working with law enforcement and intelligence agencies to investigate the attack and is committed to being transparent. He declined to comment on Thornton-Trump’s allegations.

Silver Lake is already facing an accusation of insider trading by shareholders in another publicly traded tech firm.

Intelsat, a satellite services company acquired in 2008 by Silver Lake and British private equity firm BC Partners and listed publicly again in 2013, saw the value of its shares drop 40 percent in November 2019 after the Federal Communications Commission declined to give the company access to a special private auction of airwaves. According to a class-action lawsuit filed in the Northern District of California, Intelsat executives held a private meeting with FCC Chairman Ajit Pai two weeks before Pai publicly announced his decision.

It’s unclear exactly what was discussed in the meeting. But shortly afterward, Silver Lake and BC Partners sold a $185 million block of shares. According to the lawsuit, the investors were acting on information Intelsat learned in the FCC meeting. They hired Morgan Stanley to urgently find buyers for the shares and closed the deal at a 7 percent discount to that day’s closing price.

Silver Lake has not publicly commented on the allegations. A spokesman for BC Partners could not immediately be reached for comment, but the firm has previously said the trades were all based on publicly available information.

The Intelsat transaction may be reviewed by securities investigators seeking to determine whether Silver Lake has established any kind of pattern of behavior in its public stock sales, said Columbia’s Mitts.

“If something happens once and never happens again it’s likely a coincidence,” Mitts said. “If it happens over and over again it’s probably not a coincidence.”