Over 23K People Compromised By Data Breach At Mid-Sized Firm... In Case You're Wondering How Bad These Can Get

There's no such thing as a 'small' data breach for firms.

Ransomware Business Computer Malware Privacy BreachIf lawyers are looking for an It’s A Wonderful Life moment where they learn just how many lives they’ve touched, a data breach will certainly give it to them.

The biggest law firm misconception in cybersecurity is underestimating the chances that bad actors are after you. They are.

But the second biggest misconception is that there’s such a thing as a “small” data breach. Not that any firm is careless enough to think a data breach would be no big deal, but it might shock lawyers to realize just how far-reaching a data breach can get. As a cybersecurity expert told me earlier this year, when people think they’ve “just had a breach” usually that means the bad actors have been lurking in the system for months. Whether or not that’s the case in any specific breach, firms just need to understand that these are rarely isolated leaks that they can patch up without it spiraling.

A couple weeks ago, we had a story about a data breach at Philadelphia-based Stevens & Lee stemming from a June 2021 attack. The firm isn’t small by any means, with multiple offices and around 200 attorneys, but in a world of global firms with thousands of attorneys, it’s not huge.

Which is why the key takeaway from this story is just how giant a breach can get.

Following up on that post, Sharon Nelson of Sensei Enterprises (who wrote our original coverage) explains that the extent of the breach “has grown to include 23,066 people whose personal information was potentially compromised, including customers of the firm’s financial institution clients, according to public records.” That’s up from the original estimate of… 344 people.

Because data breaches have tentacles.

Sponsored

In letters to affected individuals, the firm said, “You may not have heard of us but we are a law firm which assists financial institutions, one of which was a financial institution with which you had an account or which provided services in connection with loans or accounts you held.”

This data may not get abused, but that’s not the point. The point is that, like George Bailey, your practice impacts a lot more people than you might realize.

Law Firm Breach May Impact More than 23,000 People, Including Firm’s Financial Institutions’ Clients [Sensei Enterprises]

Earlier: Two Law Firm Data Breaches And New Breach Stats


Sponsored

HeadshotJoe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

CRM Banner