Criminal Charges Highlight Law Firm Cyber Vulnerability

Criminal Charges Highlight Law Firm Cyber Vulnerability

The January 2017 criminal charges brought against three Chinese citizens for alleged hacks into law firm servers should be a warning to law firms that they are high-value targets for hackers.

The alleged hackers were charged with insider trading based on confidential corporate information obtained through the hacking of several U.S. law firms working on client mergers. As reported by Reuters, prosecutors say the hackers made more than $4 million by placing trades in at least five company stocks based on information from the breached law firm servers, including deals involving Intel Corp and Pitney Bowes Inc.

Beginning in April 2014, the trio allegedly obtained confidential deal information from two U.S. law firms using an employee’s credentials to install malware on firm servers and hack the email accounts of the partners involved in mergers and acquisitions.

Prosecutors did not identify the two firms, or five others the hackers are alleged to have targeted.

A ‘Wake-Up Call’ for Law Firms

Preet Bhahara, U.S. Attorney for the Southern District of New York, cautioned that law firms are major targets for hackers.

“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world,” he told Reuters. “You are and will be targets of cyber hacking, because you have information valuable to would-be criminals."

Lawyers often access, transmit, and store their clients’ most confidential data, potentially becoming a port for an aspiring hacker or thief to obtain valuable information.

Cyber Insurance Can Help Shift Some Risk

As law firms become paperless, wireless, and completely immersed in the electronic age, it is important to consider risks the firm might face in the event of a security breach. Cyber insurance policies often provide coverage for law firms to alleviate the impact of a network hack, sometimes for a very reasonable premium. 

Cyber policies, however, are not standardized and their terms vary widely based on the carrier and coverage requested.  If your law firm is considering cyber coverage, be sure to read our previous blog post, “6 Quick Tips for Law Firms in the Market for Cyber Insurance.”