SEC Wins Access to Some Covington & Burling Clients’ Names

Covington & Burling LLP must turn over the names of seven clients whose data was compromised in a cyberattack to the US Securities and Exchange Commission, despite objections by the firm and others that to do so would weaken attorney-client privilege.

The SEC had asked in March for the names of almost 300 “public company clients” of the law firm, saying it needed them to determine if the hackers had used the information they stole to engage in illicit trading.

US District Court Judge Amit Mehta in Washington ruled that request was “too broad” and he ordered the law firm to reveal the names only of clients whose material, nonpublic information may have been accessed by hackers during the 2020 breach of the law firm’s computer files.

Such a request by the SEC “does not exceed its statutory authority or cross any constitutional lines,” the judge wrote.

Covington argued that confidentiality rules should shield it from having to provide any of the names.

More than 80 law firms signed an amicus brief supporting Covington. They argued that a ruling in favor of the SEC could open the door to further weakening of attorney-client confidences.

The case is Securities and Exchange Commission v. Covington & Burling LLP, 23-00002, US District Court, District of Columbia.

To contact the reporter on this story:
Robert Burnson in San Francisco at rburnson@bloomberg.net

To contact the editors responsible for this story:
Misyrlena Egkolfopoulou at megkolfopoul@bloomberg.net

Joe Schneider

© 2023 Bloomberg L.P. All rights reserved. Used with permission.