Law Firms (and Client Data) Held Hostage

Hackers have successfully hit at least five United States law firms within the past few weeks. Reportedly, the attacks are part of a coordinated effort potentially affecting nearly 200 victims in January alone. As if that were not frightening enough, the threat to law firms and to their clients, has magnified substantially in light of the type of attack now employed against law firms.

Rather than delivering a ransom note to the infected system and waiting for payment, the recent hackers are publishing the victim’s …

Continue Reading

Data Breach and Insider Trading

Attorneys practicing in mergers and acquisitions are familiar with the sensitive nature of their work and the potential for abuse of the information obtained. In addition to being restrained from trading on that information themselves, they must take extensive precautions to ensure that they do not allow that information to slip to friends, family members, or colleagues. Unfortunately, one cannot assume that others won’t use that information to make trades that could ensnare both the attorney and firm in extensive criminal and civil litigation, regardless …

Continue Reading

Standing Battles Rage on in Data Breach Litigation

One of the primary points of contention in data breach actions is when, and whether, sufficient damages exist to meet the standing requirements under Article III. Circuit courts across the country have come to different conclusions, with some requiring a showing of actual damage and others allowing the existence of the breach to essentially serve as confirmation that the data will be used illicitly. According to a recent brief in support of certiorari, the DC Circuit falls into the latter category and a review by …

Continue Reading

Congress Considering Federal Cyber Breach Laws

Huge cybersecurity breaches at major retailers caught the attention of the public and have made headlines. Now, more recent breach at one of the major credit reporting agencies has the attention of Congress. 48 states and the District of Columbia already have some form of legislation governing security breaches. These statutes typically begin by laying out who is subject to the requirements, such as businesses and information brokers, and what information is considered protected “personal information.” The laws then outline what constitutes a breach, the …

Continue Reading

It’s the Little Things That Count in Cybersecurity

Today it seems as though cyber-security protections are always a half-step behind hackers. For every patch that quietly protects from one type of ransomware, there’s another WannaCry infecting a major company or financial institution. Of course, cyber-security is an important concern for all businesses, including professionals, a point which is still gaining awareness across the country. As these less technologically sophisticated businesses learn more about the importance of cyber-security in the modern world, it can be easy to forget that there are many everyday protections …

Continue Reading

IRS Warns CPAs: Beware of Phishing

Businesses are increasingly becoming the targets of sophisticated cyber-attacks, and professionals are no exception.  When cyber-criminals breach a professional service firm, they not only may gain access to the firm’s corporate data, but also confidential information from the firm’s clients.  Therefore, it is incumbent on all professionals to make data security a priority.

In order to combat this threat, the IRS recently issued a warning to accountants and tax preparers about a new phishing scam intended to access professional and client information.  The phishing …

Continue Reading

Liability for Lax Data Security

Clients entrust professionals with personal information.  As such, professionals have an ethical duty not to disclose confidential information in a manner not permitted by the client.  However, in today’s electronic age, professionals are also expected to take proactive steps to ensure that third-parties do not access confidential client information without authorization. Professionals who fail to prioritize client data security could expose themselves to civil liability.

Recently, a group of clients filed a proposed class action lawsuit against their former law firm, alleging that the firm …

Continue Reading

Baseball’s Cyber Lesson: The Cyber Field of Dreams

Remember when you chose your first online login credentials?  Perhaps it was for your brand new Hotmail account, or that lightning fast AOL dial-up internet.  Like many people, it was probably the first time you ever had to choose a password and it was also probably some combination of your kids’ names, your spouse’s name or your mailing address.  Like far too many people, your password in 2016 may not be much different from the one you made in 1996.  Despite the best efforts of …

Continue Reading

Liability for Hacked Emails?

Professionals depend on third-party email services to operate their business.  As a result, professionals may assume that the vendor is safeguarding their electronic information and therefore the professional is not exposed. False. Consider an attorney sued recently for malpractice arising from an e-mail hacking scam.

A New York real estate attorney‘s e-mail account was hacked recently. The attorney was hired to represent wealthy clients in the purchase of a multi-million dollar condo.  When the hackers gained access to the attorney’s email account, they identified …

Continue Reading

Cyber Risks for Contractors

Professional have become increasingly reliant on digital technology to run their practices.  This digital revolution has reshaped the way that many professionals operate and has allowed professionals to better service their clients.  At the same time, reliance on technology has created new areas of exposure for professionals.

A recent report from Chubb analyzed how this technological revolution has reshaped the construction industry.  Under the traditional design-bid-build process, a project would be designed by architects under a separate contract with the owner, and then put out …

Continue Reading