Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Another Law Firm Breach – This Time By An Ex-Partner???
February 15, 2012
Well, that's the allegation in a lawsuit by Elliott Greenleaf & Siedzikowski against former partner William Balaban and his new firm, Stevens & Lee.
If you read the press version of the story, it is fairly clear that we don't yet have all the facts. It is alleged that Balaban and others deleted 5% of the backup tapes for Harrisburg, PA client files and took 78,000 files from the firm's computer system, installing Dropbox. It is certainly possible that a premium version of Dropbox was used to sync files to another computer.
However, it is alleged that Dropbox allowed continuing access to Elliott Greenleaf's computer network through remote access. Around here, we all scratched our heads and said "huh?" We even did some testing – without a third party app, Dropbox just doesn't do this. It is not, by itself, "spy software" as alleged in the complaint. So some pieces of the puzzle are missing, but it is still striking to see Dropbox at the heart of what looks like the theft of confidential data on a grand scale.
While we must wait for the facts to emerge, it is wise to be alert to this new methodology of obtaining firm files without authorization. In the past, virtually all such theft has involved e-mailing files or copying them to flash drives.
Just when you think you've covered all the information security bases, a new threat emerges. And this is why everyone involved with information security preaches "eternal vigilance."
Listen to the Podcast
