The US Securities and Exchange Commission has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020.four zero-day vulnerabilities in the email platform to steal data from US-based defense contractors, law firms, and infectious disease researchers.
"Covington has admitted that a foreign actor intentionally and maliciously accessed the files of Covington's clients, including companies regulated by the Commission," the lawsuit says []."In light of this reported breach, the Commission is seeking to determine whether the malicious activity resulted in violations of the federal securities laws to the detriment of investors.
In March 2022, the SEC issued a subpoena asking Covington to hand over information about the security breach including, among other things, all of the affected clients' names, and the amount of information that was accessed or stolen, and communications between the law firm and the clients about the exfiltration.
The SEC then narrowed its request to just the names of SEC-regulated clients whose data had been"viewed, copied, modified or exfiltrated during the attack on Covington" as well as communications between those publicly traded companies and their attorneys.