X

Covington Law Firm Characterizes SEC’s Request for Client Names as an Attack

USA SEC

Covington & Burling, a prominent law firm based in Washington, D.C., has responded to a lawsuit filed against it by the United States Securities and Exchange Commission (SEC) by arguing that the agency exceeded its powers by requesting that the firm identify the clients affected by a cyberattack in 2020. Covington stated that an SEC subpoena seeking the names of nearly 300 publicly traded companies whose data was compromised during the attack threatened to expose confidential client information that the firm is obligated to safeguard.

In a filing to the federal court hearing the case, Covington asserted that the SEC’s effort to force the firm to cooperate with an investigation of its clients, without any evidence of wrongdoing by Covington or its clients, is a violation of the confidentiality of the attorney-client relationship. Covington & Burling has claimed that the SEC’s request was a “fishing expedition” that could lead to scrutiny of its clients without any evidence of misconduct.

The SEC sued Covington last month, seeking to compel the law firm to identify the clients affected by the hack. The SEC has argued that its request was narrowly focused and did not seek information covered by the attorney-client privilege. The agency has claimed that the subpoena was necessary to determine whether the hack resulted in insider trading and if the companies made all required disclosures to investors about the breach.

Covington & Burling has contended that the SEC’s demand could have a chilling effect on cooperation between law firms and the government following future cyberattacks and cause a “cascading series of dilemmas” for firms caught between reporting breaches and protecting their clients. The firm has pointed out legal ethics rules that mandate law firms to protect the confidentiality of their clients and safeguard potentially embarrassing information.

Covington & Burling’s legal team at Gibson, Dunn & Crutcher has claimed that the 2020 hack was aimed at a small group of lawyers and advisors to glean information about the incoming Biden administration’s policies on China. The firm has stated that it cooperated with the Federal Bureau of Investigation to investigate the cyberattack and notified all clients whose information was potentially compromised.

The case’s outcome could have significant implications for law firms targeted in cyberattacks and the government agencies that investigate potential securities law violations. The case also highlights the need for clear guidelines on the obligations of law firms and government agencies in such situations. How the federal court hearing the case will rule remains to be seen.


REFERENCES:

SEC demand for client names is an ‘assault,’ law firm Covington says

Rachel E: