FedEx shareholders are accusing the company’s executives of failing to disclose the full extent of the NotPetya ransomware attack while also selling tens of millions of dollars worth of their own stock in the company, according to a lawsuit filed last week.
Stock owners filed a lawsuit on Sept. 17 alleging that FedEx brass provided “materially false and misleading statements” about the ransomware attack that locked up systems at company subsidiary TNT Express more than two years ago. NotPetya wreaked havoc on corporate giants including Maersk, the British advertising firm WPP and the pharmaceutical conglomerate Merck. The White House blamed Russia for the attack, which caused more than $10 billion in damages and spurred a number of high profile lawsuits in the private sector.
In this case, the suit alleges FedEx failed to inform its shareholders that TNT Express customers were abandoning the company in favor of other logistics providers as a result of NotPetya. The company later said the cyberattack would cost $400 million, though that figure failed to account for the full cost of remediation, lost business and reputational damages, the suit alleged.
In an earnings call, FedEx brass “assured investors that all critical TNT systems were fully restored, and the remediation efforts would be completed by the end of September 2017,” the suit states.
Then, in the year that followed, while the company sifted through the damages, FedEx founder Frederick Smith sold $31 million worth of stock, and chief operating officer David Bronczek made $12 million by selling many of his own shares.
Smith and Bronczek sold their stock at $256 per share and $225 per share, respectively, before FedEx stock fell in December 2018 in part because of a negative outlook in Europe, where TNT operates. Shares were worth $148.78 at press time.
FedEx, in a statement to Business Insider, said it will “vigorously defend itself” from the accusations.
This case comes amid an ongoing suit between Mondelez, the snack food giant, and Zurich Insurance. Mondelez has argued that Zurch failed to help Mondelez recover from the NotPetya attack, while Zurich has argued that, since the White House blamed Russia for the attack, NotPetya falls under the “war exclusion” of its contract.
Merck, similarly, has filed more than a dozen lawsuits in connection with the matter.
The complaint is available in full below.