Wednesday, April 1, 2015

Citibank Report Criticizes Law Firms on Information Security

  • "The unwillingness of most big United States law firms to discuss or even acknowledge breaches has frustrated law enforcement and corporate clients for several years. That frustration bubbled over in a recent internal report from Citigroup’s cyberintelligence center that warned bank employees of the threat of attacks on the networks and websites of big law firms."
  • "The report said bank employees should be mindful that digital security at many law firms, despite improvements, generally remains below the standards for other industries."
  • "The Citigroup team issued the report as other Wall Street banks are putting pressure on the legal profession to do more to prevent the theft of confidential client information."
  • "John P. Carlin, assistant attorney general for national security, spoke this month at an American Bar Association conference in New Orleans, impressing on the lawyers the need to promptly inform clients and law enforcement authorities of attacks that could compromise confidential information."

In an interesting twist, Citigroup added some additional commentary after a few law firms mentioned in the report offered exculpatory detail (such as one firm noting that a hack on their corporate web site, hosted by a third party, did not result in any confidential information being disclosed):
  • "Citigroup issued a statement on Thursday distancing itself from the report. A person briefed on the matter but not authorized to speak publicly said the bank had stopped distributing it: 'The analysis relied on and cited previously published reports. We have apologized to several of the parties mentioned for not giving them an opportunity to respond prior to its publication in light of the sensitive nature of the events described,' said Danielle Romero-Apsilos, a Citigroup spokeswoman."

No comments:

Post a Comment