F5 Sued Over Alleged Concealment of BIG‑IP Development Breach

F5 sued over alleged concealment of BIG‑IP development breach

Levi & Korsinsky, LLP files a class action alleging that F5 misrepresents the security of its BIG‑IP platform after learning that a nation‑state threat actor gained long‑term, persistent access to its BIG‑IP product development environment. The complaint says the intruder may have accessed source code and vulnerability information as early as August 2025, while F5 continued to market the product as “best‑in‑class.” Plaintiffs assert the company delays public disclosure until October, and that customers only learn of the exposure after the company’s eventual announcement.

The suit contends the alleged concealment undermines enterprise trust in F5’s application security products, with concrete business effects, including reduced sales and renewals, lengthened sales cycles, and increased remediation costs. The complaint links those operational impacts to a downward revision of F5’s fiscal 2026 revenue guidance to 0–4% growth, below prior expectations for mid‑single‑digit expansion. Levi & Korsinsky frames the case around materiality of security credibility for both customers and corporate buyers who rely on BIG‑IP to protect critical infrastructure and multicloud applications.

Plaintiffs argue that public statements made during the class period — covering purchases between Oct. 28, 2024 and Oct. 27, 2025 — amount to actionable misstatements and omissions because the company failed to disclose known persistent access to development systems. The filing seeks to hold F5 accountable for any losses tied to the alleged delay in notifying stakeholders and for any competitive or reputational damages that flow from a compromised development environment.

Law firm action and outreach

Levi & Korsinsky, which says it has secured hundreds of millions for shareholders over two decades, is pursuing the litigation and invites potentially affected investors to learn more. The notice lists managing partner Joseph E. Levi as a contact and provides an email and phone number for investors who believe they are class members and want representation or updates.

Wider implications for cybersecurity disclosure

The complaint raises broader questions about disclosure obligations in the multicloud application security market, an industry generating billions in annual revenue where enterprise security credibility is central to customer purchasing decisions. Industry participants and corporate counsel are likely watching the case for how courts treat obligations to disclose compromises of development environments and the handling of potential source‑code access by sophisticated threat actors.