Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Over 100 Law Firms Have Reported Data Breaches

October 22, 2019

More than 100 law firms have reported data breaches to authorities in 14 states since 2014, according to an analysis by Law.com (sub.req.).

Two of the largest law firms reporting breaches were Jenner & Block and Proskauer Rose, both of which have cybersecurity and privacy practices (oh the irony). Law.com got the information for its article through public records requests. Jenner and Proskauer reported they were victimized by what appeared to be legitimate requests for W-2 forms. Jenner & Block reported that employees' W-2 forms were "mistakenly transmitted to an unauthorized recipient" in 2017 based on what appeared to be a legitimate request from a senior executive. More than 1500 people were affected. The phishing incident may have exposed Social Security numbers, salaries and other personal information for 859 people, the law firm told New York authorities.

Certainly a common attack – one which most law firms are now prepared for.

Many of the breaches were attributed to phishing attacks, hacking and vendor security lapses.

Jenner told Law.com it complied with legal and reporting requirements in connection with the incident and it provided assistance to affected personnel.

Three other law firms—Harris Beach, McGlinchey Stafford and Sanford Heisler Sharp—reported unauthorized access to email accounts.

Approximately 20 states do not require reporting to state officials in the event of a breach. Some other states only require reporting for data breaches above a certain threshold. How many law firms have been breached and not reported it? In our opinion, probably a lot.

As I have mentioned before, at a private meeting of law firm security personnel for large DC firms, it was clearly stated that all the firms represented there had been breached. Of course, that doesn't necessarily mean that reporting was required. But make no mistake about the extent of law firm data breaches. Personally, I commend Jenner and Proskauer for their compliance with the reporting requirements. My guess is that many firms have not complied.

As Claudia Rast, Butzel Long's cybersecurity group leader, noted, "Unfortunately, many law firms don't report it. They don't want their clients to know about it."

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson