Recent SEC Enforcement Requests Related to SolarWinds Cyberattack

Skadden, Arps, Slate, Meagher & Flom LLP

Recently, many of our clients have received similar requests from the staff of the SEC's Division of Enforcement related to the December 2020 SolarWinds cyberattack. We confirmed with the SEC staff that the request is legitimate and are happy to discuss your response at your convenience.

In broad strokes, the SEC is offering amnesty to companies who voluntarily disclose (i) how the company was impacted by the SolarWinds cyberattack, and (ii) any remedial actions the company implemented in response, to the extent that those voluntary disclosures show that the company failed to make prior required disclosures or maintain adequate internal controls. Companies must also preserve documents related to the SolarWinds cyberattack, and any other cyberattack since October 2019. Companies that learned of the SolarWinds cyberattack before September 2020 are ineligible for amnesty.

Companies must inform the SEC whether they intend to provide the requested information by June 24, 2021, and provide the information by July 1, 2021, although extensions may be requested for "extenuating circumstances."

Amnesty will not extend to other securities violations related to the SolarWinds cyberattack (e.g., Reg FD violations or insider trading). If a company chooses not to participate and the SEC otherwise learns that the company did not appropriately disclose or prevent/remediate the SolarWinds cyberattack, the SEC intends to pursue enforcement actions with heightened penalties.

Although the SEC did not disclose how it selected recipients of the voluntary request, SolarWinds previously disclosed DOJ, SEC and state AG investigations related to the cyberattacks (in addition to civil litigations), so the SEC may have SolarWinds data and documents, including customer lists.

Download PDF

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Written by:

Skadden, Arps, Slate, Meagher & Flom LLP

Skadden, Arps, Slate, Meagher & Flom LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.