In Sorenson Impact Foundation v. Continental Stock Transfer & Trust Company (Apr. 1, 2022), computer hackers intercepted the email communications of a law firm (the “Law Firm”) involved with the $130 million merger pursuant to which Tassel Parent, Inc. (the “Buyer,” a subsidiary of private equity firm KKR) was acquiring Graduation Alliance, Inc. (the “Target”). The hackers posed online as two of the Target’s actual stockholders and succeeded in having the merger consideration paid to them instead of the stockholders. The hackers were never apprehended or identified. The actual stockholders—Sorenson Impact Foundation and James Lee Sorenson Family Foundation—brought suit in the Delaware Court of Chancery against Continental Stock Transfer & Trust Company (the “Paying Agent”), the Buyer, and the Target (which was the surviving corporation and which we refer to herein, in combination with the Buyer, as the “Company”). Vice Chancellor Glasscock (i) dismissed the claims against the Paying Agent on the basis of lack of personal jurisdiction; (ii) let stand the claims against the Company; and (iii) left open the issue whether the Law Firm (which had communicated directly with the hackers) was a necessary party to the action and must be joined as a defendant.

Background. The Sorenson entities properly submitted their letters of transmittal and stock certificates to the Paying Agent, requesting payment in their name to an account at Zions Bank in Utah. Computer hackers then intercepted the Sorenson entities’ email communications with the Law Firm. (Which entity was represented by the Law Firm was in dispute.) Assuming the identity of the Sorenson entities, the hackers then communicated via email with the unsuspecting Law Firm and requested that payment of the merger consideration be changed to an international account at a Hong Kong bank. A week later, they requested that the payment be made in the name of HongKong Wemakos Furniture Trading Co. The Law Firm communicated these instructions to the Paying Agent.

(more…)