Data breach of a lawyers office that resulted in unauthorised access to client file results in a malpractice suit against the firm confirming that lawyers tend to be lousy when it comes to data security

May 2, 2018 |

Law firms are a key target of hackers.  That has been known for some time. Lawyers hold sensitive client information which has value to competitors and criminals.  They also hold personal information which can be used for identity theft.  Finally they control bank accounts that hold signfiicant sums, such as proceeds of sales and purchases, client money held in trust and payments made to the lawyers but not distributed.  Law firms are also key targets because they are generally inept at data security.

The consequences can be catastrophic as the closure of the Panamanian firm Mossack Fonseca on 15 March 2018 after the release of the Panama Papers. A leading offshore Bermuda based law firm, Appleby suffered a data breach in October last year. In April last year a Providence law firm was hit with a ransomware attack which resulted in lost billings of $700,000.  The American Bar Association noted that in 2015, approximately one quarter of all U.S. law firms with 100 or more lawyers had experienced a data breach through hacker or website attacks, break-ins, or lost or stolen computers or phones and 15 percent of all law firms overall, regardless of size, had reported an unauthorized intrusion into the firm’s computer files, up from 10 percent in 2012.  In a report last year LogicForce found that law firms were in the main woefully unprepared with:

  • 2/3 of 200 responding law firms experiencing some form of cyber breach
  • 77 percent of responding firms did not have cyber insurance,
  • 95 percent of responding firms were noncompliant with their own cyber policies,
  • 100 percent were noncompliant with a client’s policies, and
  • 53 percent of responding firms do not have a data breach incident response plan

In New Jersey, United States a law firm, Wienburger Divorce and Family Law Firm Group is being sued for malpractice (negligence in Australia) for a data breach which revealed the firms client file and disrupted a divorce proceeding.

There is absolutely no reason to suppose Australian law firms are any better prepared.  It is probably worse given the privacy culture in Australia is so poor given the timid regulation for the last 30 years.

Leave a Reply