Thursday, March 31, 2016

HACKED: Prominent Law Firms Breached

via the Wall Street Journal: "Hackers Breach Law Firms, Including Cravath and Weil Gotshal" --
  • "Investigators explore whether cybercriminals wanted information for insider trading... Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter. The firms include Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations. Other law firms also were breached, the people said, and hackers, in postings on the Internet, are threatening to attack more."
  • "The attacks on law firms appear to show thieves scouring the digital landscape for more sophisticated types of information. Law firms are attractive targets because they hold trade secrets and other sensitive information about corporate clients, including details about undisclosed mergers and acquisitions that could be stolen for insider trading."
  • "The potential vulnerability of law firms is raising concerns among their clients, who are conducting their own assessments of the firms they hire, according to senior lawyers at a number of firms."
  • "One of the trickiest questions for law firms is when they are required to publicly disclose a data breach. Forty-seven U.S. states have their own breach-notification laws, forcing law firms and other companies to navigate a patchwork of different rules."
with added notes and detail via the American Lawyer: "Cravath Admits Breach as Law Firm Hacks Go Public" --
  • "Law firms will go to great lengths to keep attempted and successful hacks secret, because any sign that the data they store isn’t secure can result in a “huge loss of customer confidence,” said Austin Berglas, former head of the FBI’s cyber branch in New York."
  • "'I think that the majority of the law firms don’t even know that they’re compromised,' said Berglas, who now leads the cyber investigations and incident response team at K2 Intelligence. He added that law firms are traditionally understaffed in cybersecurity, compared with large corporations and banks."
  • "Berglas said he worked with a law firm recently that faced a ransomware attack, something he said he’s seeing more and more often. The firm did not know about the attack until the hacker sent a screenshot of the stolen data and a message that the information would be made public if the firm did not pay. This firm opted to comply and handed over a seven-figure sum, according to Berglas."
  • "Daniel Silver, a former federal prosecutor who recently joined Clifford Chance, said... Firms tend to be reluctant to publicly identify themselves as victims, said Silver. And they usually don’t have to. While corporations are often required to report data breaches and hacking, law firms—which frequently possess sensitive material from the same corporations—are in a different category."
  • "Generally, there is no specific regulation directed at law firms requiring them to report data breaches, Silver said. 'More often firms will turn to the private sector to try to fix a problem rather than call the FBI,' he said. 'It’s a patchwork approach these days … and law firms fall into a black hole when it comes to these data breach issues.'"
