US court orders law firm Covington to name some clients for SEC probe

investing.com:

By Andrew Goudsward

(Reuters) -Covington & Burling must identify some clients caught up in a 2020 hack on the law firm to the U.S. Securities and Exchange Commission, a federal judge in Washington ruled on Monday in a case that could impact future cyberattack investigations.

U.S. District Judge Amit Mehta ordered Covington to give the SEC the names of seven public company clients that may have had information relevant to investors accessed or stolen, dealing a partial victory to the financial regulator in its probe of the attack.

A spokesperson for Covington said the firm will «review the decision carefully and consider any next steps in consultation with our affected clients.»

An SEC spokesperson did not immediately respond to a request for comment.

The ruling, which is likely to be appealed to the D.C. Circuit U.S. Court of Appeals, strikes a middle ground in a dispute closely watched by the U.S. legal industry.

Any final outcome could make it easier for the government to get information on law firm clients in the future, and law firms warn it could chill cooperation between the private sector and authorities investigating cyberattacks.

The SEC had sought the names of all the nearly 300 companies affected, but Covington resisted identifying any clients. An internal review by the firm had identified seven companies that may have had market-relevant information accessed in the hack, according to court filings.

Mehta wrote that the SEC's subpoena was «too broad» but that there was nothing improper about the regulator gaining access to some client names for a probe.

The SEC sued Covington in January to force the prominent Washington-based firm to identify public company clients whose information was accessed or stolen