London - Paris

Law Firm Internet Security and Data Protection


UPDATE November 2020:

Recently the European National Security Agency, ENISA, published a report pointing to an increase in cyberattacks since the generalisation of WFH (Work From Home), due to the COVID-19 pandemic.

Since the ECJ decision of July 2020, Schrems-II v Facebook, it has been made clear that no personal data should leave the European Economic Area (EEA) or be transferred into the hands of a US communication provider, a principle extended to any country not benefiting from an adequacy agreement. Therefore, all legal professions that regularly exchange data outside the EEA need to take specific measures to ensure the security of these data, at a level equivalent to the protection offered by the GDPR within the EEA. Data subjects whose data are being exported have to be informed, in all transparency, of the risks associated with such data transfers.

“70% of the data breaches expose e-mails. Although username/e-mail and passwords (i.e. credentials) are easily changed in contrast with personal details (i.e. date of birth), the focus is mostly on these in data breaches.”

Further reading:

Mossack Fonseca law firm shuts down operations 2 years after Panama Papers

Ransomware: the victims' “professional hell” in court

“For me, there was a before and an after Wednesday 26 October 2016,” recounts, in a firm and loud voice, the 68-year-old lawyer, who specialises in personal injury law. “I lost four years of life, data and professional practice.”

Insurance Client Sues Small Law Firm $1.5M for Dark Overlord Payment

…the insurance company sued the law firm in federal court in Kansas City. Hiscox Insurance Co., et. al., v. Warden Grier, Dkt. No. 4:20-cv-00237-NKL (E.D. Missouri). The company alleged that the law firm breached its legal obligations under the retainer agreement with the company, that it breached its ethical obligations to protect client confidences, and that it was negligent in failing to protect the client data.

Law firms under constant cyber-attack

Hackers hit A-list law firm of Lady Gaga, Drake and Madonna

Report shows UK law firms unprepared for cyber attacks

For @ICOnews Firms must protect the personal data of their clients. The Financial Conduct Authority warns firms that they must be responsible when they are handling client data.

The Six Biggest Cybersecurity Threats to Law Firms

Law Firm Internet Security and Data Protection

Data breaches are unfortunately becoming more common, and law firms, given the sensitivity – and therefore value – of the data they handle, are falling victim to cyberattacks at an alarming rate.

Just recently, we’ve seen a major data issue at legal software provider Advanced Computer Software, affecting over 190 of the industry’s most prestigious law firms.

Meet the Hacker Groups Snatching Law Firms’ Client Data

In nearly six months, at least seven law firms have been infiltrated by ransomware, according to media reports. Of the attacks, hacker groups Maze and REvil have taken responsibility for them all.

Both groups are well-known, said Mark Sangster, vice president and industry security strategist of cybersecurity firm eSentire. And unfortunately for legal, Sangster added, “it seems they lately have turned their focus upon law firms.”


Hacking of lawyers and judges: a data leak under the robe?

Privileged access: law firms more vulnerable than ever to cyberattack attempts

‘Half of companies in France and worldwide have been victims of fraud in the past 24 months.’ Being #RGDP compliant would have significantly reduced the risk of data exposure. Le Monde du Droit


French judicial world targeted by a vast cyberattack

Law firms: the ideal target for cyberattacks

An unsecured IT system at the business law firm Mossack Fonseca is what allowed the Panama Papers to be disclosed: The security flaws at the heart of the Panama Papers

REvil: decoding the most fearsome ransomware

Personal data of several celebrities stolen from a law firm

U.S. accuses Chinese citizens of hacking law firms, insider trading

Three Chinese citizens have been criminally charged in the United States with trading on confidential corporate information obtained by hacking into networks and servers of law firms working on mergers, U.S. prosecutors said on Tuesday.


Topics: Cybersecurity, Ransomware, Data Breach, Sensitive data, Encryption, Data transfers outside the EEA, ECJ Schrems-II, Cookies, ePrivacy Directive, Planet49, Fashion ID

The cybersecurity of law firms? Let's talk about it with the President of the CNB (Conseil national des barreaux – les avocats), Christiane Féral-Schuhl: “Cybersecurity is now part of a lawyer's daily practice.”

The Mossack Fonseca hack and the Panama Papers scandal should have been a wake-up call for all law firms to take their clients' data security more seriously. Here is Why we Should All Care About Panamapapers even if we have no offshore investment.

Law firm cybersecurity is at high risk. Dozens of big firms are targeted by hackers seeking sensitive financial information. Major law firms including Cravath and Weil Gotshal have suffered data breaches. The FBI has issued warnings. Still, too many use insecure email exchanges for information transfer.

Threats of Litigation After Data Breaches at Major Law Firms.

…both Weil Gotshal & Manges and Cravath, Swaine & Moore as well as other firms have suffered data breaches in recent months, put new attention on the potential consequences for law firms with lax security.

Daniel Solove, a US privacy scholar, wrote:

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

Daniel Solove describes the situation and offers solutions to avoid the harm caused to the reputation and clients of an attacked law firm.

Just as an example, here is a List of data breaches and cyber attacks in February 2017. Recently, 1500 companies in over 100 countries were hit by the malicious Adwind backdoor RAT.

The CNIL, the French Data Protection Authority, has been publishing advice, including easy ways of encrypting data. I still hear of solicitors, lawyers and notaries exchanging sensitive data via simple emails or Dropbox. These are recipes for disaster and show a lack of consideration for clients. Apart from the reputational disaster, the GDPR, the new EU data protection regulation, carries serious fines to consider. Think carefully before it is too late: fines of 20M Euro or 4% of world turnover.

Sometimes the threat comes from an insider. You might want to monitor live transfers of data from your network. If your employees bring their own devices, here is some good advice from the UK ICO.

I keep my sources of information updated on Pearltrees curation:

This work is licensed under a Creative Commons Attribution 4.0 International License.