A federal appellate court says that the Labor Department is allowed to pursue its inquiry into the cybersecurity practices at a large recordkeeper.
Judge Michael B. Brennan of the U.S. Court of Appeals for the Seventh Circuit says that the Department of Labor is allowed to pursue its inquiry into the cybersecurity practices at Alight Solutions, a large retirement plan recordkeeper
The DOL was investigating alleged cybersecurity breaches at Alight Solutions and, issued an administrative subpoena. Judge Brennan noted that Alight produced some documents but objected to many of the subpoena’s requests. Alight fought the subpoena based on their argument that the DOL lacks authority to investigate the company, or cybersecurity incidents generally.
The DOL investigation was prompted by Alight processing unauthorized distributions of plan benefits due to cybersecurity breaches and the DOL claimed Alight “failed to report, disclose, and restore those unauthorized distributions.” Alight has denied any knowledge of breaches resulting in unauthorized distributions.
The court ruled that the DOL’s authority was not limited to fiduciaries and that the requested information was reasonably relevant to the ERISA investigation.