As users of modern technology and keepers of, at times, vast amounts of electronic confidential client information, it is no surprise that attorneys and law firms, just like their clients, are increasingly targets of cyber criminals. It was only a matter of time, in a world of daily headlines covering data incidents and breaches across every industry, that cyber attacks would be aimed at the legal industry. Yet attorneys, like cobblers’ children without shoes, are often behind the curve in addressing cyber security risks. While attorneys have always been charged with protecting client information, rapidly changing technology and evolving cyber threats now require attorneys to rethink their systems and practices to ensure that such information remains confidential.

The legal industry is increasingly at the forefront of cyber security news

Over the past year, the legal industry has seen a dramatic increase in high-profile cyber incidents, some of which garnered worldwide press attention. In March 2016, the FBI notified the legal industry of evidence that a criminal actor was seeking hackers to assist in obtaining material, non-public information from international law firms for the purposes of an insider trading operation. The criminal actor posted in an online forum to solicit help, and provided “search criteria for industry-specific information” for hackers to use in locating useful information on law firm networks. Around the same time, Crain’s Chicago Business newspaper published an article on a Russian cyber criminal who was allegedly trying to hack major law firms for insider trading information. The Crain’s article went on to identify 48 targeted firms by name.

Another announcement in the first quarter of 2016 revealed that several top firms representing Wall Street banks and Fortune 500 companies – including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP – experienced breaches, instantly making news headlines. In the aftermath, Cravath acknowledged a “limited breach” of its systems and Weil Gotshal declined to comment publicly. The DOJ and FBI initiated a probe into the breaches to determine whether information was stolen for purposes of insider trading.

Apr-Jun 2017 Issue

King & Spalding