Unexpected Threats to Cybersecurity/Confidentiality: The SEC and ChatGPT
March 10, 2023
The Security and Exchange Commission Subpoenas Covington & Burling for Client Names
This story came out of left field. Since when does the Security and Exchange Commission (SEC) go to court asking a law firm to identify clients impacted by a data breach? The Covington & Burling cyberattack happened in 2020. Covington has said that the attack was aimed at a small group of lawyers and advisors to secure information about the incoming Biden administration’s policies on China. The firm said it notified all clients whose information may have been compromised.
Nearly 300 publicly traded companies had their data accessed or stolen in the data breach. Covington was clearly not happy to receive a subpoena asking for the names of the clients impacted.