SEC Request for Information About SolarWinds Compromise

Publish Date


Cyber Alert


  • Cybersecurity

The U.S. Securities and Exchange Commission’s (SEC) Division of Enforcement is conducting outreach to firms who may have been a victim of the SolarWinds® breach with a voluntary request to produce information. Firms who have received this request must notify the SEC whether they intend to respond by 5:00pm ET on June 24, 2021. 

The SEC is offering amnesty from enforcement actions to firms who voluntarily respond to this letter if they discover they have failed to make a required disclosure connected to this breach, unless the firm learned of the breach prior to September 1, 2020. 

ACA guidance 

If firms decide to provide the requested information to the SEC, ensure that each clause or point to each question is answered completely and succinctly. Be sure to include: 

  • Steps taken to patch your Solarwinds software 

  • Investigation steps taken to determine how your firm was affected (such as CISA recommendation) 

  • Whether you notified clients or customers of the breach 

  • Whether you disclosed the breach to investors and the SEC 

  • If you plan to update controls, policies, or procedures as a result of this breach 

How we help  

ACA Aponix offers the following solutions that can help your firm protect itself in relation to this and similar cybersecurity breaches, and to enhance your cybersecurity in general:   

Download our Aponix Protect™ cybersecurity solution brochure.  

If you have any questions, please contact your ACA Aponix consultant or contact us below.