This Cyber Stock Is the S&P 500’s Worst Performer Today. A Security Breach Is to Blame.
Oct 16, 2025 13:22:00 -0400 by Nate Wolf | #Technology
F5 serves 85% of Fortune 500 companies and all 15 executive departments of the U.S. government. (David Ryder/Bloomberg)
Key Points
- F5 experienced a security breach, giving nation-state affiliated hackers persistent access to systems and stealing BIG-IP source code and vulnerability data.
- F5 shares drop sharply Thursday. The stock is the session’s worst performer in the S&P 500.
- The Cybersecurity & Infrastructure Security Agency ordered federal agencies to inventory and update F5 BIG-IP products due to an imminent threat.
Cybersecurity company F5 suffered a security breach that gave nation-state affiliated hackers “persistent access” to some of its systems.
The attackers breached data related to the F5’s BIG-IP application security product, the company said in a regulatory filing Wednesday. Stolen files included portions of the source code for BIG-IP and information about undisclosed vulnerabilities in the product.
Chinese state-backed hackers were behind the breach, Bloomberg reported Thursday, citing sources familiar with the matter. F5 declined to confirm this report to Barron’s.
Shares fell 12% Thursday, putting F5 on track for its largest single-day decline since 2022. The stock was the session’s worst performer in the S&P 500.
F5 serves 85% of Fortune 500 companies and all 15 executive departments of the U.S. government, the company said. BIG-IP is one of its flagship products
The Cybersecurity & Infrastructure Security Agency ordered federal agencies Wednesday to inventory BIG-IP products and apply security updates recommended by F5.
“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” the agency said in an emergency directive.
In a separate statement, F5 advised customers to update their software and harden their systems. F5 is working with law enforcement, government partners, and outside cybersecurity companies like CrowdStrike and Mandiant in response to the incident, the company said.
Earlier this year, Microsoft disclosed that hackers linked to the Chinese government exploited vulnerabilities in its SharePoint Server platform. The stock, however, barely moved, as investors appeared to shrug off a breach that impacted various U.S. agencies, including the Department of Homeland Security.
Write to Nate Wolf at nate.wolf@barrons.com