Ride the Lightning

Data Breaches Reported at Law Firms McCarter & English and Stevens & Lee

April 26, 2022

Law.com reported on April 22 that there have been breaches at midsized law firms McCarter & English and Stevens & Lee.

McCarter & English is actively investigating a network security incident that “impacted the availability of [its] computer systems.”

Leaders at the New Jersey-based firm said they were able to restore key systems in the week after the incident occurred the weekend of April 9, including access to email. Lawyers’ ability to perform services to clients was “not significantly impacted,” the firm said in a statement.

“Upon discovering the incident, we took proactive measures to contain the incident and initiated an investigation. Law enforcement was also notified,” the firm said. “The investigation into the incident remains ongoing.”

To cybercriminals, law firm size doesn’t matter as much as the clients they work for and the likelihood of weak security in small and mid-sized firms.

 According to the American Bar Association’s 2021 technology survey, solo and small firms continue to lag behind larger firms when it comes to their tech budgets, with only 43% of solo and 50% of small firms responding that they budget for technology, compared to the 65% of all firms indicating they budget in technology.

Our own experience is that even those who budget for technology don’t separately budget for cybersecurity defenses.

McCarter & English’s data breach highlights the critical role that two-factor authentication can play in a firm’s cybersecurity defenses. According to statements by the firm, McCarter & English already had a multifactor system for authentication. But after the incident, the firm migrated to data security company Duo for onsite as well as remote access to the firm’s systems.

A report released by Duo states that multifactor authentication has grown significantly across industries in recent years, from 28% of respondents indicating use in 2017 to 79% in 2021. While the number of respondents using two-factor authentication for at least some applications has shown a sharp increase between 2017 and 2021, only a minority of respondents, 32%, report using it on all applications that offer it.

Costs associated with data breaches rose from $3.86 million to $4.24 million on average globally in 2021, according to a report released by IBM. The cost of cyber insurance rose between 30-40% in 2021, with more exclusions often part of the contract.

Stevens and Lee’s data breach consumer notification letter, dated on April 7, 2022 (only recently made public) may be found at https://media.dojmt.gov/wp-content/uploads/Consumer-Notification-Letter-297.pdf. The breach took place in June 2021.

Cole & Van Note, a consumer rights law firm, announces on April 19, its investigation of Stevens & Lee Law Firm on behalf of its consumers/clients, arising out the company’s recent data breach. According to the company, the private information of a massive number of people may have been stolen in the hacking of its information network.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson