Biglaw, Technology

Biglaw Firms Fall Prey To Cyberattacks, With Data Breaches On The Rise

The best defense to a cybersecurity incident is a good offense. Which law firms have been caught off guard?

By  
on

Biglaw firms — and law firms, generally — continue to find themselves the victims of cyberattacks, and we’re currently on pace for 2024 to be the worst year yet for law firm data breaches.

The legal profession certainly isn’t off to a great start this year when it comes to cybersecurity incidents. Right now, just five months into 2024, 21 firms have already filed data breach reports with state attorneys general offices (whereas last year, 28 breach reports were filed in total).

According to the American Lawyer, at least one top Biglaw firm has reported a hack this year. Taft Stettinius & Hollister — which brought in $598,000,000 gross revenue in 2023, putting it at No. 83 on the Am Law 100 — was the subject of a ransomware attack in late 2023. Here are some additional details:

An investigation found unauthorized access to “certain data stored on a limited number of secondary servers and workstations, some of which stored client and personal information,” according to the Maine breach report. Personal information such as names, addresses and Social Security numbers of nearly 6,000 people were accessed, the report stated.

“The firm’s IT and operations teams worked around the clock throughout the weekend,” [privacy and data security practice group chair Scot] Ganow said in a statement to The American Lawyer. “By the following Monday, the firm had safely restored full access to our email and document management systems, as well as other primary systems, enabling us to fully communicate with and serve our clients without material interruption.”

The attack didn’t impact primary systems such as document management, email, financial systems and cloud-based repositories, Ganow added.

Three Am Law 200 firms — Robinson & Cole; Butler Snow; and Burr & Forman — also filed data breach reports this year.

This is serious business, and law firms of all sizes need to be prepared to stave off cyberattacks before they’re forced to send out CYA notices about how they’re assessing what data has been impacted and which clients have been affected.

Law Firm Data Breach Reports Show No Signs of Slowing in 2024 [American Lawyer]

Sponsored

Staci ZaretskyStaci Zaretsky is a senior editor at Above the Law, where she’s worked since 2011. She’d love to hear from you, so please feel free to email her with any tips, questions, comments, or critiques. You can follow her on X/Twitter and Threads or connect with her on LinkedIn.

Sponsored

CRM Banner

Topics

, , ,