Major Biglaw Firm Suffers Cyber Security Breach Of Mergers & Acquisitions Data

The data was reportedly left unsecured for six months.

cyber-security-g556f067a5_1920Biglaw firm Proskauer Rose recently suffered a major cyber security event, when client data was left unsecured for six months. The firm confirmed the incident, saying, they “recently become aware of a cyberattack against the cloud storage used by the firm.”

As reported by Law360,

The firm claimed that an unnamed outside vendor retained by Proskauer had not properly secured an information portal, exposing data stored on a third-party cloud platform.

“Our IT security team immediately took steps to reconfigure the site and secure its data,” the spokesperson said Friday. “This is an ongoing investigation, and we have been urgently working with in-house and third-party cybersecurity experts to confirm our current understanding of the facts.”

The firm added that it would “communicate promptly” with any affected parties as “we gain sufficient information to responsibly do so.”

So what kinds of data are we talking about? TechCrunch has the deets:

A person with knowledge of the incident told TechCrunch that data from Proskauer’s merger and acquisitions business was left on an unsecured Microsoft Azure cloud server.

TechCrunch obtained a portion of the exposed dataset, which included approximately 184,000 files total, the person told us. These files were accessible from the web browser by anyone who knew where to look, and contained private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals and files relating to high-profile acquisitions.

Yikes.

According to reports, the issue has since been resolved. The firm’s statement on the matter continues, “We take the protection of our data incredibly seriously and take aggressive steps to monitor and protect against any unauthorized access or use of that data.” “We conduct regular security reviews, including penetration testing performed by expert third parties, and continually monitor our data environments, including the environment targeted by the attack, to ensure our data is secure.”

Sponsored


Kathryn Rubino is a Senior Editor at Above the Law, host of The Jabot podcast, and co-host of Thinking Like A Lawyer. AtL tipsters are the best, so please connect with her. Feel free to email her with any tips, questions, or comments and follow her on

Sponsored