On Friday, the SEC Staff issued this guidance, in the form of FAQs, to recipients of its letter regarding its investigation of the SolarWinds cyber attack (see “SEC Offers Limited Scope Amnesty”). Among other things, the guidance makes clear that an unnamed source provided the SEC with information about those organizations that may have been impacted by the attack, and that the amnesty offer is limited to SolarWinds attack-related conduct. Question 18 of the guidance addresses how letter recipients can request an extension of time to respond to the SEC’s request.
Access additional resources on our Cybersecurity/Data Privacy page »Cases/Enforcement Actions.