The Top 11 Legal Industry Cyber Attacks

When a law firm experiences a breach, there’s a lot at stake. In addition to the time, effort, and expense the firm must spend responding to a cyber attack, employees may find themselves unable to access the firm’s technology and, therefore, unable to bill hours.

To sum it up, a firm’s reputation suffers when it can’t meet the needs of its clients, which in turn could lead to a loss of market share.

Meanwhile, the risk of being breached is significant. According to an American Bar Association survey, the number of law firms that experienced a cybersecurity breach in 2020 marked an uptick from the 12 months prior: 29% of survey respondents reported a breach, compared to 26% in 2019. This indicates that cybersecurity is even more important than before, particularly for law firms that deal with important clients such as Google.

To showcase the rising danger and repercussions, we’ve compiled a list of eleven of the biggest cyber attacks and cyberthreats targeting law firms.

The Most Notable Law Firm Cyber Attacks

11. Campbell Conroy & O’Neil P.C.

The law firm Campbell Conroy & O’Neil P.C. was subject to a data breach on February 27, 2021. The firm became aware of unusual activity, then conducted an investigation and discovered it had unwittingly been a ransomware victim.

The ransomware attack prevented Campbell Conroy & O’Neil P.C. from accessing critical files in its system. Although the full extent and impact of the attack have not yet been determined, Campbell Conroy & O’Neil P.C. speculates that the attacker had access to clients’ names, Social Security numbers, driver’s license numbers, dates of birth, and other key identifying facts.

  • Cyber attack type: Ransomware
  • Location: Boston, Massachusetts
  • Cost: Unknown
  • People and companies affected: Unknown

In response to the breach, Campbell Conroy & O’Neil P.C. contacted third-party forensic investigators to determine what information may have been compromised. Furthermore, the law firm alerted the FBI and offered its clients 24 months of complimentary access to services such as credit monitoring, fraud consultation, and more.

10. Grubman Shire Meiselas & Sacks

In May 2020, Grubman Shire Meiselas & Sacks, which offers legal services to the entertainment and media industries, acknowledged having experienced a ransomware attack. To exert pressure, the hackers leaked information involving Lady Gaga, who is a client of the law firm. They also threatened to release information involving other celebrities.

The attackers asked for a ransom payment of $42 million to prevent the release of the documents to the public. The perpetrators originally asked for $21 million, then doubled their payment demand.

According to news outlets, the criminals behind the attack reported having received $365,000 from the firm. They threatened to release additional data, much of which involves celebrities, if they didn’t receive payment in full.

  • Cyber attack type: Ransomware
  • Location: Undisclosed
  • Cost: To be determined
  • People affected: To be determined

As part of its response, the firm disclosed that it has hired “the world’s experts who specialize in this area, and [is] working around the clock to address these matters.”

Previously, Travelex, a British company that provides foreign exchange services, paid the same criminal gang a $2.3-million ransom to regain control of its files and network.

9. Fragomen, Del Rey, Bernsen & Loewy

Fragomen, Del Rey, Bernsen & Loewy confirmed it was the victim of a data breach on September 24, 2020. The law firm was heavily involved with Google, and the data breach involved personal information for both current and former Google employees.

An unauthorized third party was able to access at least one file that contained personal information on several Google employees, such as driver’s license numbers and other personally identifiable information. This placed certain Google employees at risk for identity theft or other forms of fraud.

  • Cyber attack type: Unknown, possibly phishing scam
  • Location: New York
  • Cost: Unknown
  • People and companies affected: Unknown

Fragomen, Del Rey, Bernsen & Loewy filed a notice with the FBI and, even today, is still unsure how many Google employees are or were affected. The state attorney general was notified, and Google has updated its security policies for Form I-9s for employees.

8. Oleras

In 2016, a cybercriminal using the alias Oleras allegedly targeted 50 law firms to steal confidential information to facilitate insider trading. The hacker attempted to hire accomplices via the criminal underground to help breach the law firms’ defenses and then use keywords to search for pending deals.

To entice others to join, Oleras advertised a plan that detailed the names, email addresses, and social media accounts of the law firm employees to be targeted.

One of the phishing emails associated with the scheme appeared to originate from a business journal asking to run a profile of the recipient about their work in mergers and acquisitions.

  • Cyber attack type: Phishing
  • Location: United States
  • Cost: Undisclosed

Once made aware of the threat, the FBI initiated an investigation and issued an industry alert. To date, none of the law firms targeted by Oleras have disclosed a breach in their firm’s defenses.

7. Jenner & Block and Proskauer Rose

Jenner & Block admitted that in response to a request that appeared legitimate, the firm had “mistakenly transmitted” employee W-2 forms to “an unauthorized recipient” in 2017. The phishing scheme resulted in the inadvertent sharing of personal information of 859 individuals, including their Social Security numbers and salaries.

Proskauer Rose experienced a similar attack, involving what appeared to be a routine request from a senior executive within the firm. In this case, the firm lost control of more than 1,500 W-2s.

  • Cyber attack type: Phishing
  • Location: New York
  • Cost: Undisclosed
  • People affected: 2,359

Jenner & Block reported the breach to the relevant authorities. It provided two years of access to Experian’s ProtectMyID Elite 3B product to employees whose information was released. It also established a hotline for former and current employees and held townhall meetings with employees to discuss the breach.

Proskauer Rose also notified authorities of the disclosure of its employees’ personal information. The firm provided two years of identity recovery services for all employees, regardless of their involvement in the breach.

6. GozNym Malware

In 2016, two undisclosed law firms experienced attacks involving malware known as GozNym, which criminals used to covertly steal banking login and password information.

To trick law firm personnel into providing their banking credentials, the criminals sent a phishing email that directed the recipient to web pages designed to look like their bank’s website. The scheme used keystroke logging, which recorded the keys entered when victims visited the fake bank site. It then sent that information surreptitiously to the cybercriminals.

The attack targeted bank accounts at Bank of America and Brookline Bank. Once the criminals gained access to the law firm’s bank accounts, they transferred funds to other U.S. and foreign bank accounts they controlled. One law firm experienced a loss of more than $76,000, while the other firm lost $41,000.

  • Cyber attack type: Phishing and malware
  • Location: Washington D.C. and Wellesley, Massachusetts
  • Cost: $117,000

According to the indictment, GozNym infected thousands of devices, with the potential to cause more than $100 million in losses.

5. Moses Afonso Ryan Ltd.

The law firm Moses Afonso Ryan Ltd. had its critical files locked down for three months due to a ransomware attack in 2016. Specifically, the firm’s billing system and documents were frozen, so the firm could not be paid by clients and could not access key financial information.

After the system was disabled, the law firm was forced to negotiate a ransom, which was paid in Bitcoin. In total, the firm lost nearly $700,000 in client billings, in addition to the undisclosed ransom cost.

  • Cyber attack type: Ransomware
  • Location: Providence, Rhode Island
  • Cost: At least $700,000
  • People and companies affected: Unknown

Moses Afonso Ryan Ltd. was first required to pay Bitcoin up front to the hackers, then negotiate additional Bitcoin releases later. This unfortunate predicament left the firm floundering and its employees unproductive for several months.

4. Cravath Swaine & Moore and Weil Gotshal & Manges

To engage in insider trading and gather confidential information regarding pending mergers and acquisitions, three Chinese nationals targeted the law firms of Cravath Swaine & Moore and Weil Gotshal & Manges.

According to the U.S. government, Iat Hong, Bo Zheng, and Chin Hung earned over $4 million in profits while trading on information they stole from the law firms. To gather such information, the perpetrators used their unauthorized access to read emails belonging to partners at both firms about pending transactions involving public companies.

The indictment notes the defendants targeted five additional law firms, launching at least 100,000 attacks on those firms.

  • Cyber attack type: Malware and other undisclosed methods
  • Location: New York
  • Cost: Undisclosed
  • Illegal trading profits: $4+ million

For trading on insider information, the U.S. Securities and Exchange Commission fined the perpetrators $8.8 million.

3. DLA Piper

In June 2017, DLA Piper suffered a ransomware attack that first struck its Ukrainian offices during an upgrade of its payroll software. The attack involved malware known as NotPetya. The firm cited its “flat network structure” as a reason the infection spread so quickly.

As a result of the attack, DLA Piper employees around the world could not use the firm’s telephones or email system, and some struggled to access certain documents. However, the firm states that it did not lose any data and its backups remained intact.

  • Cyber attack type: Ransomware
  • Location: Ukraine, then global
  • Cost: Millions of dollars

In response to the attack, the firm’s IT department worked 15,000 hours of paid overtime. Given the depth and severity of the attack, the firm had to wipe and rebuild its Windows environment.

2. Appleby

In 2016, Appleby, an offshore law firm located in Bermuda, experienced a cyber attack. News of the attack surfaced in 2017, when the hack attracted interest from the International Consortium of Investigative Journalists (ICIJ).

Known as the Paradise Papers, the law firm’s breached records included 13.4 million files. According to The Guardian, a total of 96 media companies and 381 journalists reviewed the documents.

The same journalists from Süddeutsche Zeitung who received the Panama Papers also obtained the documents in the Paradise Papers. Appleby denied the involvement of an insider, instead claiming that hackers had taken the documents.

  • Cyber attack type: Hack or insider attack
  • Location: Bermuda
  • Cost: Undisclosed
  • People and companies affected: 120,000+

In response to the breach, Appleby engaged in legal action against The Guardian and the BBC, seeking compensation for the disclosure of its legal documents. It subsequently settled the dispute by entering into a confidential agreement with both media companies.

The ICIJ reports that the Paradise Papers resulted in the recovery of unpaid taxes and assessment of penalties. The ICIJ also reports an increased awareness of the need for vigilance and more robust security to prevent future breaches.

1. Mossack Fonseca

In April 2016, journalists from German newspaper Süddeutsche Zeitung, Bastian Obermayer and Frederik Obermaier, received approximately 11.5 million documents belonging to the Panamanian law firm Mossack Fonseca.

The journalists subsequently contacted the International Consortium of Investigative Journalists (ICIJ). The ICIJ put together a team of 107 media organizations located in 76 countries to review the documents, later known as the Panama Papers. Among other forms of questionable activity, the documents detailed the widespread use of shell companies and complex transactions as means of committing tax fraud.

While some claim that the 11.5 million records that ended up in the hands of the world press came from a leak from an anonymous insider, Mossack Fonseca claims that the firm experienced a hack.

  • Cyber attack type: Hack or insider attack
  • Location: Panama City, Panama
  • Cost: The firm closed its doors in March 2018
  • People affected: 300,000+

In the aftermath of the Panama Papers, several individuals mentioned in the documents resigned, including Iceland’s then prime minister, Sigmundur David Gunnlaugsson. Governments around the world used the documents to recover more than $1.2 billion. As a direct result of the adverse publicity associated with the Panama Papers, Mossack Fonseca closed its doors in March 2018.

Protecting Your Law Firm From Cyber Attacks

In addition to attempting to commit run-of-the-mill bank fraud, cybercriminals increasingly want access to the data and intellectual property in a firm’s possession. In fact, many of the most damaging attacks involve either the outright theft of confidential data to support insider trading schemes or the theft and ransom of law firms’ client data.

If you’re looking to enhance security at your organization, Arctic Wolf provides law firms with customized cybersecurity services, which include round-the-clock, on-demand access to a dedicated team of security experts with extensive experience working with the legal sector.

And for more information on major hacks and breaches, check out the biggest manufacturing industry cyber attacks and healthcare cyber attacks. 

Arctic Wolf
