FedEx execs: We had no idea cyberattack would be so bad. Investors: Is that why you sold $40m+ of your own shares?

FedEx execs not only hid the impact of the NotPetya ransomware on their business but personally profited by selling off tens of millions of dollars of their own shares before the truth came out, a lawsuit filed by the delivery business’ own shareholders claims.

The legal complaint [PDF], filed in Delware, USA, this week, accuses the shipping giant and its top brass of giving "materially false and misleading statements" about the impact of the malware infection on its European subsidiary TNT Express in June 2017. And, the paperwork notes, several top execs off-loaded their shares before the damage caused by the cyber-attack became known and the share price plummeted.

FedEx founder Frederick Smith sold $31m worth of stock at $256 per share in April 2018, and its chief operating officer David Bronczek did the same in January 2018, netting $12m by selling at $225 a share. Other execs are listed as selling roughly $1m a piece in shares around the same time. The share price currently stands at $152 after a massive drop in December 2018, primarily due to its uncertain outlook in Europe for 2019.

Despite FedEx going to some lengths to highlight the impact of the file-scrambling malware on its business – including suspending its shares back in June 2017, and announcing a $300m loss thanks to the code a few months later that September – the shareholders argue that the exec team downplayed the depth of the problem.

At the time, FedEx stressed that no information had been stolen by the cyber-nasty, and only some offices of TNT Express had been disrupted. "Remediation steps and contingency plans are being implemented as quickly as possible," it said in a statement. But, at the same time, it also refused to answer questions from the press.

The lawsuit, led by shareholder Jason Flaker, claims that FedEx did not flag that growth of its European TNT subsidiary was slowing down as a result of clients that “permanently took their business to competitors." It also claims that FedEx was less than fully honest about the cost and effort required to get the TNT systems back up and running.

Detriment

As for the share-dumping execs, the lawsuit accuses them of being “unjustly enriched at the expense of and to the detriment of FedEx” while “breaching fiduciary duties” and engaging in insider selling because there were “in possession of material, nonpublic information that artificially inflated the price of FedEx stock.”

You may think that this is just a case of sore investors losing money, but back in July this year, FedEx was hit with another similar lawsuit claiming execs has downplayed the impact of the cyberattack: law firms are queuing up to get a piece of that action.

In fact, lawyers are going to be dining out on the enormous impact of NotPetya: one of the most notable cases being when US snack food giant Mondelez sued its own insurance company in January this year for $100m after the insurers claimed the malware was “an act of war” and therefore it wouldn’t pay out. That case is still ongoing.

A spokesperson for FedEx was not available for immediate comment. ®

Updated to add

"Certain current and former directors and officers of FedEx Corporation have been named as defendants in a stockholder derivative lawsuit that includes many of the same allegations that appear in other recently filed lawsuits," a spokesperson for the shipping titan told us.

"We intend to vigorously defend against these allegations and will respond accordingly."