May 19, 2021 - An investor in shares of Ubiquiti Inc. (NYSE: UI) filed a lawsuit in the U.S. District Court for the Southern District of New York over alleged violations of Federal Securities Laws by Ubiquiti Inc. in connection with certain allegedly false and misleading statements made between January 11, 2021 and March 30, 2021.
New York based Ubiquiti Inc. develops networking technology for service providers, enterprises, and consumers.
On January 11, 2021, Ubiquiti Inc. disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.
Then on March 30, 2021, the Krebs on Security posted an article entitled “Whistleblower: Ubiquiti Breach ‘Catastrophic’” stating that “[n]ow a source who participated in the response to that breach alleges Ubiquiti massively downplayed a ‘catastrophic’ incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.” Further, the article quoted a letter from the source to the European Data Protection Supervisor stating “[i]t was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers” and “[t]he breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk.”
Shares of Ubiquiti Inc. (NYSE: UI) declined from $401.81 per share on March 29, 2021, to $272.89 per share on April 12, 2021.
According to the complaint the plaintiff alleges on behalf of purchasers of Ubiquiti Inc. (NYSE: UI) common shares between January 11, 2021 and March 30, 2021, that the defendants violated Federal Securities Laws. More specifically, the plaintiff claims that between January 11, 2021 and March 30, 2021, the Defendants, in their statements concerning the data breach, failed to speak fully and truthfully because they failed to disclose to investors that the Company had downplayed the data breach in January 2021, that attackers had obtained administrative access to Ubiquiti’s servers and obtained access to, among other things, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies, that, as a result, intruders already had credentials needed to remotely access Ubiquiti’s customers’ systems, and that, as a result of the foregoing, Defendants’ positive statements about the Company’s business, operations, and prospects were materially misleading and/or lacked a reasonable basis.