A federal court in Chicago just ruled that a retirement plan provider must comply with a subpoena requesting documents and communications relating to the provider’s information security and cybersecurity plans and controls.
The Department of Labor (DOL) sought enforcement of their subpoena against Alight Solutions, a third-party administrator. The DOL had discovered that Alight had processed unauthorized distributions due to cybersecurity breaches relating to its plan clients’ accounts.
The court rejected Alight’s arguments that the DOL’s subpoena power only extends to ERISA fiduciaries.
