According to the Law Firm Cybersecurity Scorecard Report released by Logic Force, which assessed over 200 law firms in 2017 ranging in size from 1 to 450+ attorneys throughout the United States, every single surveyed law firm had been the target of a cyber-attack at one point. 40% of those firms never even knew they were breached, while 23% had zero cybersecurity insurance policies in place. And just in case anyone felt left out, 100% of those firms were not compliant with their clients’ policy standards.
If that sounds like a recipe for disaster, it is. Law firm cyber-attacks have been on the rise for years now, so in commemoration of all that’s horribly gone wrong in the legal industry, zbrella is rounding out the top 3 law firm cyber-attacks of the past five years. Take notes.
1. Mossack and Fonseca
Can we really write an article about law firm cyber-attacks without mentioning the Panama Papers debacle? Also known as history’s biggest data leak (that’ll be a tough act to follow), the Panama-based law firm Mossack and Fonseca lost over $11.5 million documents back in 2016. That’s 2.6 terabytes of data, and more than the contents of the Edward Snowden National Security Agency leaks and the 2010 WikiLeaks scandal combined.
In addition to being one of the best examples of the worst types of cybersecurity a law firm could ask for, it had devastating public repercussions. Prime Minister Sigmundur David Gunnlaugsson of Iceland resigned after fraud accusations and Minister Jose Manuel Soria of Industry in Spain resigned after having his private offshore accounts exposed. Uruguay arrested five people for money laundering associated with Mexican drug cartels and that was probably the only good thing to come out of that cyber breach.
2. DLA Piper
Nearer and dearer to 2018 is last year’s successful cyber breach of multinational law firm DLA Piper. It’s important to note here that DLA Piper is known for its expertise on cybersecurity, which makes this vicious computer attack on the company particularly embarrassing.
The malware forced the law firm into a state of suspension entirely in the midst of the hack, shutting down basic operations like email and even the ability to confirm whether or not the firm’s documents and its clients’ documents had been destroyed. Initially, reports stated that the ransomware was holding the firm’s files hostage for money until it was believed that the infected software destroyed files point-blank. And that’s how a $2.5 billion law firm went down in history as the law firm who lost access to its own data. FYI, guys—not a good look.
3. JP Morgan/Chase
Possibly the most notorious law firm cyber-attack in the past decade, the breach on JP Morgan/Chase affected 76 million households and 7 million small businesses. It was the hack heard ‘round the world because it broke the largest bank in the world—and it was successful. In 2014 more than half of all U.S. households were compromised, including names, addresses, phone numbers, email addresses, and private, internal user information.
The hackers even went as far as to gain “root” privileges on more than 90 of the bank’s servers; namely, they could transfer funds and close accounts. Their spree came to an end in 2016 when the final hacker was arrested in New York, but their wire fraud and money laundering accrued over $100 million between 2014 and 2016.
Logic Force was able to conclude from their report that most law firm cyber attacks are non discriminatory—in size or revenue. Hackers are willing to blindly breach anyone so long as there is sensitive data to be had. If you’re a law firm, you’re vulnerable, and if you’re vulnerable, cybersecurity should be a top priority.
Cybersecurity is a growing demand among clients and prospects alike, which should make it a priority investment for 2018. zbrella Technology Consulting provides Cybersecurity Platforms and IT Managed Services specifically for law firms and can help design and set up cybersecurity plans for any size firm. To speak with our Cyber Specialists, call 800-750-4296 or contact us here.