Covington said it had already engaged in an “extensive internal review,” court filings show, and devoted nearly 500 hours of attorney time in an effort to comply with the SEC’s requests for information. The review involved nine Covington attorneys, including a former SEC associate director, and concluded that the compromised data of only seven of the 298 impacted clients “might possibly contain MNPI.”
Covington shared its findings with the SEC, but the agency refused to accept the limited data, according to a filing from the firm, and demanded the names of all of unidentified clients. Covington described itself as an “innocent third party,” and said the SEC’s attempts to access client information were unprecedented.
“An attorney is supposed to stand between his client and the power of the government,” Covington’s opposition filing reads.
“Despite all of this, the SEC is again demanding to invade a sacred precinct of trust and confidence,” Covington’s filing said. “This Court should bar the door.”
Source: Covington & Burling was hacked, SEC is now suing the D.C. law firm