Lawyer-Run Organizations Become Hottest Targets for Hackers

UK’s Information Commissioner Voices Concerns About Data Security in Legal Profession (August 5, 2014)

The UK Information Commissioner’s Office (ICO) has received reports of 15 incidents in the past three months involving mishandling of client data by those in the legal profession. The ICO is warning that barristers and solicitors who do not take adequate precautions to protect their clients’ data would face fines of up to GBP 500,000 (US $840,000).

[SANS Editor’s Note (Paller): I have first-hand evidence that US law firms have lost huge troves of their clients’ data; the FBI disclosed that US law firms were targets of nation-state attacks in 2009; and the head of MI5 made it clear that the same was happening in the UK in a disclosure the year before. Nation states (as well as economic competitors) have figured out that organizations run by lawyers (as well as the consulting companies run by ex-Federal officials) are the most cost-effective way to steal intellectual property from companies seeking to do business in their countries because those companies share the crown jewels with their lawyers and consultants and think they will protect the information.]


Provided by MIRLN.
