Thursday, April 7, 2011

Confidentiality Breaches -- More Client Data Leaks (Insider Trading + External Penetration)

It's been an active week for law firm confidentiality news. A reader pointed out two significant stories came to light yesterday that once again highlight the importance of protecting client confidential information:

Insider Trading -- In yet another case of a high-profile law firm falling victim to (alleged) internal malfeasance, the government just brought insider trading charges against an associate formerly with Wilson, Sonsini, Goodrich & Rosati.

Working with at least one external accomplice, and while employed by several firms, he passed on information over several years (starting as a summer associate) that resulted in a profit of $32 million dollars. With available access to the firm's internal document management software, he searched for sensitive client details on price-sensitive matters:
  • "Mr. Kluger, of Oakton, Va., allegedly stole information regarding 11 deals while at Wilson, Sonsini, which he left last month. Mr. Kluger circumvented Wilson Sonsini's computerized document-management system by looking at the titles of documents related to deals he wasn't working on but not opening the documents, prosecutors said."
External Penetration -- From Canada comes a report that four major law firms have been successfully hacked by what appears to individuals operating out of China. (We've previously noted that law firms are prime targets for external information attacks, given the volume and concentration of sensitive client information they house.)

These recent attacks highlight the risks facing law firms and the need to take strong precautions:
  • These were "...highly sophisticated cyber attacks designed to destroy data or to steal sensitive documents relating to impending mergers and acquisitions."
  • "Mr. Tobok said some in the legal world have been slow to realize just how serious the hacking threat is, although he said IT departments are doing the best they can. 'Sometimes they have a false sense of security,' he said of companies in general. 'After they get attacked, they understand that they have to invest a little more.'"

No comments:

Post a Comment