SEC sues law firm for client list in the Hafnium cyberattack:
The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020.
The data theft in question is the now-infamous Microsoft Exchange attack in which Hafnium exploited four zero-day vulnerabilities in the email platform to steal data from US-based defense contractors, law firms, and infectious disease researchers.
Covington was one of the breached law firms, and the intrusion gave the Beijing-backed cyberspies access to the files of some of Covington's clients that are regulated by the US agency.
"Covington has admitted that a foreign actor intentionally and maliciously accessed the files of Covington's clients, including companies regulated by the Commission," the lawsuit says. "In light of this reported breach, the Commission is seeking to determine whether the malicious activity resulted in violations of the federal securities laws to the detriment of investors."