Printed from BusinessInsurance.com

D&O lawsuit filed over cyberattack on FedEx unit

Posted On: Jul. 1, 2019 1:42 PM CST

NotPetya

A labor union pension fund has filed a directors and officers liability lawsuit against FedEx Corp., charging the impact of the 2017 NotPetya virus on a recent acquisition impacted FedEx’s stock price.

The putative securities fraud class action filed by the Provincetown, Rhode Island-based Rhode Island Laborers’ Pension Fund against Memphis, Tennessee-based FedEx and its directors and officers, pointed to the company’s 2017 $4.8 billion acquisition of Hoofdorp, Netherlands-based TNT Express NV, according to the lawsuit filed Wednesday in U.S. District Court in New York in Rhode Island Laborers’ Pension Fund v. FedEx Corp. et al.

According to the lawsuit, after the acquisition closed, FedEx embarked on an aggressive strategy to integrate its legacy European operations with TNT. But on June 27, 2017, TNT’s operations were “crippled” by the NotPetya malware virus attack, which spread throughout TNT’s systems and paralyzed its systems.

“Throughout the Class Period, defendants continually assured investors about its recovery from the Cyberattack and any negative impact from the attack was minimal,” according to the lawsuit.

“The full extent of TNT’s deteriorating business was revealed to investors” on Dec. 18, 2018, when it reported a large profit miss for its second quarter ended Nov. 30, 2018, which it attributed in part to a shift in TNT’s product mix to lower margin freight business following the cyberattack. The news resulted in a 12.2% stock drop the next day, according to the lawsuit.

“As a result of Defendants’ wrongful acts and omissions, and the precipitous decline in the market value of the Company’s common stock, Plaintiff and other Class members have suffered significant losses and damages,” said the lawsuit, which charges defendants with violations of the Securities and Exchange Act. It was filed on behalf of a class of investors who purchased the company’s common stock during the Sept. 19, 2017-Dec. 18, 2018 period.

FedEx said in a statement it “intends to vigorously defend itself against these allegations and will respond accordingly.” 

The Walt Disney Co.’s finance chief warned a D&O symposium in February that management teams must be willing to get in front of the cyber risk issue.