Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Law Firm Breach May Impact More than 23,000 People, Including Firm’s Financial Institutions’ Clients

May 17, 2022

Law.com reported on May 13 that the data breach of Philadelphia midsize law firm Stevens & Lee has grown to include 23,066 people whose personal information was potentially compromised, including customers of the firm’s financial institution clients, according to public records.

This is a major shift from the 344 potentially impacted individuals that the 185-lawyer firm reported in December as a result of the June 2021 cyberattack.

This should clearly remind us all that law firms are magnets for cybercriminals, not just because of their wealth of client information, but because of their access to the personal information of clients’ customers, which may be sold on the dark web or used to extort a firm by threatening to make the data public.

Stevens & Lee alerted state attorneys general and affected consumers to the breach in December. In a notice to authorities, the firm said an unauthorized third party may have gained access to personal information of the firm’s customers, “or, as in your case, certain customers of our clients.”

In letters to affected individuals, the firm said, “You may not have heard of us but we are a law firm which assists financial institutions, one of which was a financial institution with which you had an account or which provided services in connection with loans or accounts you held.” The firm offered them free identity monitoring services.

“While at this time we have no evidence that any information has been misused, and no conclusive evidence that your specific information was accessed, out of an abundance of caution we are providing you with free credit and identity theft protection services,” the firm wrote.

The firm’s breach impacted people in multiple states.

Its lawyer, Richard Goldberg, a Philadelphia-based partner at Lewis Brisbois Bisgaard & Smith, reported to state authorities that individuals’ personal information, including names, Social Security numbers, driver’s license numbers, and account and card numbers, may have been accessed in the breach.

Ransomware, Business Email Compromises and phishing attacks are still the primary tools used. But it is worth noting that remote working also presents dangers.

It’s hard to identify a suspicious log-in when employees work remotely, according to Chris Loehr, chief technology officer of cyber insurer CFC Response. That’s because accessing a firm’s network from an offsite location or late at night, which used to be a big indicator of questionable activity, has become a common feature of modern work patterns.

“You used to be able to detect things a lot easier based on people’s patterns but people’s patterns are not the same anymore,” Loehr said.

I couldn’t agree more. This has presented a challenge since the pandemic began. Our tools to detect questionable activity have gotten better, but alerts still require 24/7 attention, an expensive proposition for smaller law firms.

Sharon D. Nelson, Esq., President
Sensei Enterprises, Inc.
3975 University Drive, Suite 225
Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology