Law Firms Are Getting Hammered by Cyberattacks

Law firms are facing a significant increase in cyberattacks, with numerous recent incidents highlighting the vulnerability of the legal sector. One notable case involves Bryan Cave Leighton Paisner (BCLP), which experienced a breach in February. The personal data of over 51,000 employees from Mondelēz International, the company behind popular brands like Oreo and Ritz, was exposed. BCLP has been sued in a class action lawsuit due to the delay in reporting the breach, leaving employees susceptible to identity theft.

Loeb & Loeb also suffered a data breach in June 2022, with notifications to clients and employees taking nearly a year. Similarly, Gibson, Dunn & Crutcher had an unauthorized third party access electronic file repositories, potentially compromising personal information. Orrick Herrington & Sutcliffe experienced a breach affecting six Massachusetts residents, but no critical personal information was reported as compromised. Proskauer Rose faced a significant security lapse as sensitive client information was found to be publicly accessible due to misconfigured cloud site security.

Other law firms affected by cyberattacks include Cadwalader, Wickersham & Taft, which had to wipe hard drives and shut down internal systems, and McCarter & English, where a security breach left attorneys without email and remote work systems.

These incidents represent a broader trend. In 2021, law firm data breaches compromised the personal data of over 720,000 Americans, a significant increase from previous years. European law firms are also being targeted, with the National Cyber Security Centre (NCSC) in the UK and France’s cyber watchdog ANSSI reporting an increasing number of hackers-for-hire focusing on the legal sector. This trend poses unique threats to law firms and their clients, potentially influencing legal cases and compromising sensitive information.

Law firms and their clients face significant challenges in protecting their data and safeguarding against cyber threats. The growing scale and frequency of attacks highlight the urgent need for robust cybersecurity measures and increased vigilance within the legal industry.