Fixing the Impossible
24/7 (202) 973-1300   

New Year, New Hacks

Share on facebook
Share on twitter
Share on linkedin

Retailers, social networks, health care providers and insurers…Each has taken its turn as a favorite target for cyber criminals. Over the past two years health care has assumed center stage, capped by the 2015 attack on Anthem that exposed almost 80 million records. But as we enter 2017, a new – and significantly more cunning – threat is emerging: hacking-facilitated securities fraud.

The tactics differ from case to case, but the strategy remains the same. Attackers seek access to confidential records concerning a public company™’s earnings, merger & acquisition plans, or product developments prior to public release and use the information to make illicitly informed trades. But rather than attack the company™’s own servers, which would be the most obvious but best-protected target, cyber criminals are identifying weaker links in information chain of custody.

Top of the list? Law firms.

As of this week, three Chinese nationals have been charged for allegedly hacking into two major U.S. law firms in a bid for information related to clients’ pending mergers. The three Chinese nationals charged in this matter, Iat Hong, Bo Zheng and Hung Chin, allegedly used malware to infiltrate the servers of two law firms in 2014 and 2015. The information they stole led to $4 million in illegal profits.

Manhattan U.S. Attorney Preet Bharara said the case “should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”

If Mr. Bharara™’s warning is not enough, pending litigation very well might be. In early December, Chicago-based Johnson & Bell was named in the first public data security class action complaint against a U.S. law firm. The suit, which alleges that Johnson & Bell failed to adequately care for confidential client information, is likely to be the start of a string of like-minded cases.

What can law firms do to address this growing threat? Keeping information confidential is a pillar of every law firm™’s promise and service to its clients. Investment in cybersecurity is clearly a first step, but as we all know, even the best security is not infallible. Firms must plan for a worst-case scenario. The ability to effectively communicate with law enforcement, clients, and internal audiences in the wake of a cyber breach can save a firm™’s reputation and even mitigate its legal liabilities.

More Posts

Real People Histiry

The Real People of History

“Lather was thirty years old today.They took away all of his toys.His mother sent newspaper clippings to him,About his old friends who’d stopped being boys.”

Richard Levick on PRWeek

Richard Levick joins PRWeek for their weekly podcast to discuss the latest PR trends, recent crises and what it’s like working with foreign governments during

The Middle Road

“I was lyin’ with my mess-mates on the cold and rocky ground When across the lines of battle came a most peculiar sound Says I