Covington to contest SEC court request for breached client data
By 
Adrianne Appel2023-01-19T13:44:00
The Securities and Exchange Commission (SEC) asked a federal court to force Covington & Burling to comply with a subpoena seeking the law firm turn over names of about 300 clients impacted by a 2020 cyberattack.
The SEC announced Jan. 12 it filed an application to the U.S. District Court for the District of Columbia for the court to order Covington to show cause as to why it should not be compelled to comply with the agency’s subpoena, which relates to the Microsoft Hafnium cyberattack.
Microsoft announced in March 2021 some of its programs were vulnerable to hacking and that a China-based group, Hafnium, exploited the weaknesses at government agencies, businesses, and schools globally. On March 16, 2021, the SEC announced it was launching an investigation about the impact of the attack on publicly traded companies.
Related articles
-
PremiumCovington mulling appeal of ruling in SEC breached client case
Covington & Burling is leaving open the possibility of appealing a recent federal court order requiring the law firm to provide the names of hacked clients to the Securities and Exchange Commission.
-
News BriefSEC risk alert flags branch office cybersecurity controls
The protection of customer personal data by branch offices of broker-dealers and investment advisers should be just as robust—and as well-coordinated—as protocols used by the firm’s home office, according to the Securities and Exchange Commission.
-
News BriefCFPB humility pledge reshapes exam process, as agency faces uncertain future
The U.S. Consumer Financial Protection Bureau’s Supervision Division introduced a new “humility pledge” last month that examiners will read aloud at the start of each oversight engagement. It’s another shift in how the organization handles itself under the Trump administration.
More from Regulatory Enforcement
-
ArticleFormer Credit Suisse compliance officer charged with money laundering
A compliance officer is facing charges for laundering $7 million in a complex legal case in Switzerland. Swiss prosecutors have charged Credit Suisse, and one of its former employees, with failing to maintain adequate controls.
-
ArticleSan Francisco firm pays $11.4M for alleged Russia-related sanctions violations
A San Francisco-based private equity firm has agreed to pay $11.4 million to settle allegations it violated U.S. sanctions rules by handling investments for a sanctioned Russian oligarch.
-
ArticleCompany agrees to report to FTC for 10 years for alleged student data lapses
A tech company that stores student information for schools has agreed to implement a data security program and report to the Federal Trade Commission for 10 years, after security failures led to data for 10 million students being breached.