SEC Sues Law Firm for Client List in the Hafnium Cyberattack
upstart writes:
SEC sues law firm for client list in the Hafnium cyberattack:
The US Securities and Exchange Commission (SEC) has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020.
The data theft in question is the now-infamous Microsoft Exchange attack in which Hafnium exploited four zero-day vulnerabilities in the email platform to steal data from US-based defense contractors, law firms, and infectious disease researchers.
Covington was one of the breached law firms, and the intrusion gave the Beijing-backed cyberspies access to some of Covington's clients that are regulated by the US agency.
"Covington has admitted that a foreign actor intentionally and maliciously accessed the files of Covington's clients, including companies regulated by the Commission," the lawsuit says [PDF]. "In light of this reported breach, the Commission is seeking to determine whether the malicious activity resulted in violations of the federal securities laws to the detriment of investors."
Read more of this story at SoylentNews.