Has Your Lawyer Been Hacked?

Practically every week, another major hack attack makes the news. Hackers have invaded, and stolen data from, banks, retailers, and even movie studios.

Hundreds of millions of consumers have had their names, email addresses, phone numbers, mailing addresses, credit card numbers, medical histories, and Social Security numbers taken by hackers. Often, this information is used to steal money and commit identity theft.

A recent report by Citigroup, reported in the New York Times, criticizes US law firms for being reluctant to publicly discuss cyber intrusions and report data breaches. Because of this reticence, it is not possible to determine whether cyberattacks against law firms are on the rise, according to the report.

Hack Attacks

Law firms, like other organizations, can be targeted via:

• Direct breaches
• attacks on their websites
• “phishing” expeditions – using the name of the law firm to fool people into disclosing their personal information
• careless disposal of client records (including records on discarded law firm computers)
• theft of mobile devices, such as laptops and smart phones

The report suggested that it was reasonable to expect that law firms would be targets of attacks by both foreign governments and private hackers because law firms hold a great deal of confidential information about business deals and strategies.

Sensitive Information

Law firms can also be custodians of sensitive client information such as:

• trade secrets
• draft patent applications
• information about prospective mergers and acquisitions, and major contract negotiations, that could affect stock prices
• private information about personal matters, such as divorces

The Times reported that a security firm that was advising six firms that were the subject of a data breach disclosed that many large hack attacks on law firms were linked to the Chinese government. The hackers in these cases were apparently looking for information on military weapons systems, among other things.

In 2012, Bloomberg reported that hackers based in China targeted specific law firms in Toronto looking for information about a $40 billion takeover deal.

Cyber attacks are a threat to many professionals today. It’s important for all businesses to stay vigilant when protecting against cybersecurity attacks. Make sure your invoices and other sensitive information are safe whether you use an invoice generator or other method.

Working Together

As reported in another Times article, Wall Street banks and the large law firms that work with them, have been taking steps to form an alliance to share information about hacking threats. This alliance is called the Financial Services Information Sharing and Analysis Center (FS-ISAC).

According to the FS-ISAC website, “When attacks occur, early warning and expert advice can mean the difference between business continuity and widespread business catastrophe.”

Even Pres. Obama has urged businesses to cooperate to fight cyber-attacks, making online security a major theme of his 2015 State of the Union address. He signed an executive order in February encouraging private companies to form organizations to share information.

A Law Firm’s Duty

One reason that law firm hack attacks are rarely made public is that law firms are private partnerships, and thus not bound by the same data-breach reporting requirements that apply to public companies.

However, law firms have an obligation to keep client information confidential. A data breach that exposes confidential client information could be grounds for a malpractice suit.

If you have questions about how your law firm is protecting your confidential information, you may wish to contact your firm and inquire.