83 law firms join Covington in its fight against an SEC subpoena

83 significant American law firms have banded together to support Covington & Burling’s opposition to the US Securities and Exchange Commission’s (SEC) request for information about clients who were impacted by the firm’s cyberattack. The group of firms, which frequently compete with one another for clients and legal talent, submitted a friend-of-the-court brief in which they claimed that the SEC’s subpoena for Covington’s clients violated client confidentiality and that any law firm would object to such a request in a comparable situation.

The SEC is attempting to compel Covington to disclose the names of about 300 clients with publicly traded companies whose data was accessed or stolen during the 2020 hack. This is a component of an investigation into possible violations of securities laws. The hack was allegedly carried out by the Chinese-affiliated Hafnium cyberespionage group.

In a document  to the court, the law firms said the SEC’s subpoena would potentially turn lawyers “into witnesses against their clients.” The law firms that signed onto the brief all have a significant presence nationally and in Washington, where Covington is headquartered, and many represent clients in matters involving the SEC.

The subpoena, according to Covington, is “an assault on the sanctity and confidentiality of the attorney-client relationship” and could subject the firm’s clients to SEC scrutiny without any prior proof of wrongdoing, it claimed in its filing from last week. Covington has argued that the attorney-client privilege does not apply to the SEC’s demand and that being a law firm does not exempt it from following investigative requests.

In order to weigh the arguments put forth by both sides, the judge in the case has scheduled a hearing for the following month.


The filing by the collection of law firms emphasizes how crucial client privacy is to the legal industry. The legal profession has long maintained that the client-attorney relationship is sacred and that their clients have a right to expect communications from their lawyers to be kept confidential. Lawyers have an ethical obligation to keep client information confidential and can face disciplinary action if they breach this obligation.

The SEC’s request that Covington discloses its clients’ names serves as a timely reminder of the dangers facing client confidentiality in the modern era. Due to the increasing frequency of cyberattacks, law firms are at risk of having access to or theft of vast amounts of sensitive and confidential client information. Law firms are required to safeguard the information of their clients and make sure that the necessary safeguards are in place to identify and respond to cyberattacks.

The case also emphasizes the conflict between law enforcement’s obligation to look into potential wrongdoing and the value of maintaining client confidentiality. While the SEC has a legitimate interest in looking into possible securities law violations, it must weigh this interest against clients’ rights to privacy. The courts must take these conflicting interests into account when deciding whether to uphold the SEC’s demand for Covington to identify its clients.

, ,