Analecta Cyber Company Blog: Experts: Most big law firms have been hacked

2015-10-13

Experts: Most big law firms have been hacked

At a time when high-profile data breaches are hitting various retailers, banks, health insurance companies and even government agencies, experts say hackers are also quietly going after most big law firms.


Unlike financial institutions, law firms have no legal obligations to publicly disclose when they're the victim of criminal hacking. Because of this, for nearly a decade, the actual number of these cyber crimes against law firms wasn’t available. And while the majority of attacks remain undocumented, they are believed to be increasing substantially, particularly among  U.S. law firms with practices involve government contracts or mergers and acquisitions.

These cyber crime problems range from fake e-mails purporting to be from the U.S. Postal Service to some other much more intricate and pervasive breaches. The FBI has provided extended support in mitigating these kinds of attacks after learning that they’ve been increasing in recent years.

Big and small firms are at risk


A law firm based in Baltimore has suggested that the hackers are going after law firms or accounting firms to target major companies because those firms are likely to be holding sensitive information. Cisco Systems Inc. ranks law firms as the seventh most vulnerable industry for “malware encounters” in its 2015 Annual Security Report.

An official with one data security software company revealed in a phone interview that at least 80 of the largest 100 law firms in the U.S. have had some sort of data breach. Other reports have suggested the number may be even higher. Often the firms didn't know they were being targeted and only found out after the damage was done. Because lawyers are bound to keep client information confidential, law firms are very concerned about keeping records private.

A smaller Baltimore law firm has had success in stopping hacking attempts. The mid-sized firm reported it had encountered no problems with its data security. The company added that measures were taken to protect both electronic and hard copies of documents.