Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Citigroup Report Chides Law Firms for Not Disclosing Data Breaches

March 30, 2015

According to a New York Times story, the reluctance of law firms to discuss or acknowledge data breaches has frustrated law enforcement and clients for years. The Citigroup report was issued last month and indicated that law firm security is often below the standards for other industries.

Federal authorities are urging law firms to be more open about reporting incidents. Good luck with that. I have frequently observed that law firms are loath to admit to data breaches, no doubt having nightmares involving a massive client exodus after the revelation of a breach. Without a law that has teeth, I don't expect that to change – even though the law firms may be ethically required to report the breaches to clients. They don't fear the bar disciplinary authorities nearly as much as they fear the loss of clients.

Citigroup issued a statement last week distancing itself from the report. A person briefed on the matter but not authorized to speak publicly said the bank had stopped distributing it.

“The analysis relied on and cited previously published reports. We have apologized to several of the parties mentioned for not giving them an opportunity to respond prior to its publication in light of the sensitive nature of the events described,” said Danielle Romero-Apsilos, a Citigroup spokeswoman. Do you think there might have been some pressure applied to bury the report? I sure do.

The bank’s report mentioned incidents involving two smaller firms – Puckett & Faraj and Gipson, Hoffman & Pancione. Puckett, a Washington-area firm, was hacked in 2012 by activists associated with the group Anonymous, who were angered by the firm’s representation of a United States soldier who pleaded guilty in connection with his role in the death of 24 Iraqi civilians. Gipson, based in Los Angeles, said in 2010 it was hacked that year because of a software piracy lawsuit it had filed against the Chinese government.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson