SolarWinds said on Friday some of its former and current executives had been issued a Wells notice by the U.S. Securities and Exchange Commission over a massive 2020 data breach tied to the software firm.

A Wells notice does not necessarily mean that recipients have violated any law. The SEC issues Wells notices to firms when it is planning to bring enforcement action against them.

“We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers,” a SolarWinds spokesperson said in an emailed statement.

“SolarWinds has acted properly at all times by following long-established best practices for both cyber controls and disclosure,” the spokesperson said.

The company was at the center of a cybersecurity crisis in December 2020, when hackers compromised SolarWinds software updates and used them to access data of thousands of companies and government offices that used its products. The U.S. government has attributed the hack to Russia.

In November last year, the SEC recommended an enforcement action against the software firm over its public statements on cybersecurity and procedures governing such disclosures.

(Reporting by Samrhitha Arunasalam in Bengaluru; Editing by Maju Samuel and Tom Hogue)