Action Implicates Attorney-Client Privilege and Other Concerns
On January 10, 2023, the SEC filed a subpoena enforcement action against Covington, a large law firm that was victimized by the so-called Hafnium cyberattack by Chinese state actors. Hafnium reportedly was engaged in espionage to determine priorities of the incoming Biden administration in November 2020. The SEC seeks names of Covington clients whose information was accessed by the attackers. Covington has refused to supply the name of its clients, arguing that such information is protected by the attorney-client privilege and work-product doctrine, and that compliance with the subpoena would be unduly burdensome.