Cybersecurity

Subscribe to Cybersecurity

Action Implicates Attorney-Client Privilege and Other Concerns

Factual Background

On January 10, 2023, the SEC filed a subpoena enforcement action against Covington, a large law firm that was victimized by the so-called Hafnium cyberattack by Chinese state actors.[1]  Hafnium reportedly was engaged in espionage to determine priorities of the incoming Biden administration in November 2020.  The SEC seeks names of Covington clients whose information was accessed by the attackers.  Covington has refused to supply the name of its clients, arguing that such information is protected by the attorney-client privilege and work-product doctrine, and that compliance with the subpoena would be unduly burdensome.Continue Reading SEC Files Subpoena Enforcement Action Against Covington & Burling, Seeking Names of Clients Impacted by Chinese State-Sponsored Cyberattack

A former broker at a national brokerage firm was recently sanctioned by FINRA after accepting instructions to transfer assets out of a client account. The problem? The instructions were actually sent by an imposter who had obtained access to the client’s account, presumably through some form of cyber-crime.  Unfortunately, the broker unwittingly contributed to the imposter’s malfeasance by not only accepting the instructions but by also taking pro-active steps to circumvent his brokerage firm’s controls.
Continue Reading Cybersecurity: Don’t Become a Different Kind of Victim