Date of action: February 18, 2022
Type of action: Appellee brief
Names of respondents: Alight Solutions LLC
Background: On July 30, 2019, the department’s Employee Benefits Security Administration opened an investigation of Alight, a healthcare and retirement benefits administration and cloud-based human resources services company. Alight provides recordkeeping service to over 750 ERISA-covered employee benefits plans that serve over 20.3 million plan participants. EBSA began investigating Alight, which provides cybersecurity services to Employee Retirement Income Security Act plans, when EBSA discovered that Alight processed unauthorized distributions of ERISA plan benefits due to cybersecurity breaches in its ERISA plan clients’ accounts and failed to disclose those breaches and unauthorized distributions to those plan clients for months.
Alight failed to produce most documents sought by EBSA’s subpoena, and after attempting to negotiate, EBSA moved for subpoena enforcement in the Northern District of Illinois. The district court granted subpoena enforcement and denied Alight’s request for a protective order. Alight appealed to the Seventh Circuit, and the Solicitor of Labor’s Office, Plan Benefits Security Division, filed an appellee brief on February 18 responding to Alight’s brief.
Read the appellee brief.
“Cybersecurity breaches can cause great harm to Employee Retirement Income Security Act plan participants, including loss of assets necessary to pay plan benefits and exposure of sensitive data. The Department of Labor has a responsibility to ensure that plan fiduciaries and plan service providers satisfy their duties to keep plan information safe and secure, and when the department has reason to believe cybersecurity breaches have affected ERISA plans, we will use all available tools to conduct a thorough investigation, including our subpoena authority.” – Seema Nanda, Solicitor of Labor
Court: Seventh Circuit Court of Appeals
Docket Number: 21-3290