On 5 May 2017, a federal district court in New York ordered four people involved in breaching the networks of two law firms and stealing confidential information to pay approximately $8.9 million in fines.
According to the Securities and Exchange Commission, the hackers installed malware on the law firms’ networks, enabling them to view and copy data held by the law firms. The stolen data included emails revealing the details of clients considering mergers or acquisitions. Armed with this information, the hackers purchased shares in those companies ahead of public announcements, quickly amassing profits of almost $3 million.
There are concerns that hackers consider law firms as “low risk, high reward” targets, as a successful breach can reveal sensitive information about a multitude of clients such as trade secrets and financial data. These breaches can result in firm clients being exposed to massive commercial and legal risk.
One can be cynical at expenditure on security, let’s face it, it means less money in partners’ pockets – but cases like this are a salient warning of the hidden costs of getting security wrong!