Cybersecurity

BigLaw firms are targeted in cyberattacks and hacking lawsuits

  •  
  •  
  •  
  • Print

Global cyberattacks

Image from Shutterstock.

Law firms are frequently the target of hackers because of the valuable information they hold.

“News of data breaches at prominent firms has become close to a weekly occurrence, with reports of cyber thieves gaining access to different types of data,” including client data, Bloomberg Law reports.

The story cites a report by cybersecurity firm Checkpoint Research that found one out of every 40 cyberattacks targeted a law firm or insurance provider. The article also points to a 2022 ABA survey in which more than a quarter of law firms said they had experienced a data breach.

Four BigLaw firms reported cyberattacks to state attorneys general in June, according to reporting by Law.com. They are Bryan Cave Leighton Paisner; Gibson, Dunn & Crutcher; Loeb & Loeb; and Orrick Herrington & Sutcliffe.

Bryan Cave told Law.com it took measures to contain the breach. Loeb & Loeb told the publication a “small part” of the firm’s computer network was affected, and it was “unrelated to critical firm infrastructure and outside of our core database.” Gibson Dunn said one office was affected and it contained the incident within one day. Orrick said its breach affected six Massachusetts residents, and there were no operational interruptions.

In April, Proskauer Rose acknowledged that a cyberattack on one of its vendors led to exposure of some of its data.

Five would-be class actions have been filed this year over alleged cyberattacks at law firms, according to the Blooomberg Law story. Three of the defendants were BigLaw firms: Bryan Cave; Cadwalader, Wickersham & Taft; and Smith, Gambrell & Russell. The suits against Cadwalader and Smith Gambrell have since been dropped.

Another BigLaw firm, Covington & Burling, is fighting a lawsuit in which the Securities and Exchange Commission is seeking the names of 298 publicly traded clients allegedly affected by a 2020 cyberattack. Covington claims the names are protected by attorney-client privilege.

Jim Jones, a senior fellow with the Center on Ethics and the Legal Profession, told Bloomberg Law that law firm cybersecurity “is on everyone’s radar screens right now.”

Jones said cybersecurity is a challenge because law firms make client data accessible firmwide. “Balancing maximum security and being able to readily share data creates a certain level of risk,” Jones told Bloomberg Law. “A lot of law firms really struggle with this.”

Give us feedback, share a story tip or update, or report an error.