Law firms typically store and process multiple types of very sensitive data. Legal data includes information from confidential client discussions, financial records about the firm, and strategies for upcoming cases. Failure to keep this data secure can result in devastating effects on the law firm and its clients.
The sensitive and potentially valuable nature of legal data makes it an attractive target for threat actors. In addition to information tied to the victimized company, hackers can obtain personal details on clients that can be used for malicious purposes such as identity theft and financial fraud. Threat actors searching for prime targets often select law firms.
We are going to look at some of the most serious legal data breaches to demonstrate the threat to law firms of all sizes. Then, we will talk about how an extended detection and response (XDR) platform can be instrumental in protecting a law firm’s valuable data assets.
Data Breaches Affecting Law Firms
According to the American Bar Association’s (ABA) 2023 Cybersecurity Report, 29% of law firms experienced a security incident in 2023. This number represents an increase from 27% in 2022 and provides evidence that law firms need to take cybersecurity seriously. Following are examples of data breaches that affected law firms and their clients.
Mossack Fonseca
Mossack Fonseca was a Panamanian law firm involved in the Panama Papers scandal. The company suffered a massive data breach in 2016 resulting in the leak of 11.5 million documents to multiple journalists. The leaked information included confidential client information related to offshore bank accounts and tax evasion scams. Information disclosed in the documents led to the resignation of several individuals mentioned in them, including Iceland’s prime minister, Sigmundur David Gunnlaugsson.
Initially, it was suspected that the documents came from an internal source. The company clarified the issue in a statement from founder Ramon Fonseca, who ruled out an inside job and claimed the leak was due to a hack. Threat actors may have initiated the attack by breaching the company’s email server.
This data breach had significant consequences for Mossack Fonseca. The company was forced to close its doors in 2018 because of irreversible reputational damage.
Grubman, Shire, Meiselas & Sacks
Grubman Shire Meiselas & Sacks (GSMS) is a prominent law firm based in New York City. The company provides legal services to the entertainment and media industries. GSMS’s data resources include sensitive data on many notable celebrities, which hackers used as leverage to press their ransom demands.
GSMS first acknowledged that it was hit by hackers in May 2020. The attack was perpetrated by a ransomware gang using the REvil ransomware variant. Up to 756 gigabytes of data were stolen in the attack. The initial ransom demand was $21 million, which was later doubled to $42 million. To pressure GSMS into paying, the threat actors released information about Lady Gaga and threatened further releases that included data about Madonna and other celebrities.
HWL Ebsworth
HWL Ebsworth is one of Australia’s most prominent law firms. The company provides legal services for government agencies, banks, and large businesses. HWL Ebsworth was attacked and had large amounts of client information stolen by the ALPHV/BlackCat hacker group. Notification of the data breach was first made on April 28, 2023. Hackers demanded AUD 6 million, which the company has so far refused to pay.
The law firm reported that hackers accessed a segmented part of its network and not its main document management system. Clients whose data was compromised in the attack include The Office of the Australian Information Commissioner and the country’s big four banks: National Australia Bank, Westpac, the Commonwealth Bank, and ANZ. There may have been sensitive defense information in the theft as well, though this has not been confirmed by the Australian Department of Defence.
Genova Burns LLC
Genova Burns is a law firm headquartered in Newark, New Jersey that performs legal services for ride-share provider Uber Technologies. The company was impacted by a cyberattack and data breach involving sensitive information on an unknown number of Uber drivers. Stolen data included the drivers’ names and Social Security numbers.
The company began to notice suspicious activity affecting its IT systems in late January 2023. The firm published an online letter on April 4th announcing it had been hacked and information was stolen. In a letter sent to the affected Uber drivers, the firm claims it secured the environment by changing all system passwords after learning of the incursion.
Orrick, Herrington & Sutcliffe
Orrick, Herrington & Sutcliffe is a law firm that specializes in helping companies manage cyber governance and response. Threat actors accessed and stole data from the company’s IT systems between February 28 and March 13, 2023. Orrick, based in San Francisco, initially reported that the two-week breach had exposed data on 153,000 individuals.
A subsequent disclosure in July indicated that records of over 600,000 people were involved in the breach. The stolen information includes personally identifiable information such as names, addresses, Social Security numbers, and driver’s licenses. The company has not revealed if it was extorted for ransom in the attack.
The preceding incidents are just a few of the many attacks focused on law firms. They highlight the importance of implementing robust cybersecurity measures and conducting regular risk assessments to identify new vulnerabilities. Members of the legal profession need to understand the risk they are taking with their sensitive data resources.
Avoiding Data Breaches With Extended Detection and Response
Protecting legal data requires a multi-faceted approach involving people, procedures, and technology. An extended detection and response (XDR) solution enhances your existing cybersecurity stack and helps secure your data in today’s sophisticated threat landscape. XDR can detect and respond to threats that are not identified by traditional security tools.
Samurai XDR provides customers with the following features that speak directly to the types of threats that trigger ransomware attacks and data breaches.
- The XDR platform uses machine learning and advanced analytics to recognize and respond to suspicious behavior throughout the environment that can indicate the presence of threat actors. Sophisticated threat hunting is supported to proactively address risks.
- Samurai XDR can identify subtle lateral movements throughout the environment by consolidating information from multiple sources. These movements are often associated with advanced persistent threats (APTs) which can be responsible for data breaches and malware infections. XDR enables teams to address these threats before they compromise operations or data.
- The detection engine leverages the capabilities of NTT’s Tier 1 internet backbone to provide a unique and enhanced perspective on new and emerging threats. This backbone provides visibility into over 40% of global internet traffic for insight into evolving threats.
- XDR consolidates and prioritizes threat information in a unified interface for improved productivity. Small teams can easily manage threats to the environment without negatively impacting other aspects of IT support.
Learn more about how XDR integrates with your current security stack and improves threat detection and response capabilities. The platform adds a valuable method of protecting legal data and avoiding breaches.