After hackers targeted law firm emails and stole a portion of the merger consideration, the Delaware Court of Chancery found it was “reasonably conceivable” that an M&A buyer could be liable for not ensuring final payment reached target company shareholders.

On April 1, 2022, the Delaware Court of Chancery (the Court) issued an opinion in Sorenson Impact Foundation v. Continental Stock Transfer & Trust Company, a case brought by target company shareholders in a merger transaction after hackers posing as the shareholders successfully redirected a portion of the merger consideration to the hackers instead of the shareholders. The out-of-pocket shareholders sued the buyer, the target company (which survived the merger as a wholly owned subsidiary of the buyer), and the paying agent responsible for remitting payment of the merger consideration to the target’s shareholders under a customary paying agent agreement with the buyer.