It has been reported that hackers recently broke into the IT systems of several prestigious US law firms. US Federal Investigators are investigating whether the hackers intended to steal information for insider trading, as the law firms represented Wall Street banks and Fortune 500 companies, in litigation and multibillion-dollar merger negotiations.
Given the sensitive nature of the data that law firms hold, Cybersecurity experts have warned that law firms are attractive targets for Cybercriminals. Hackers often steal blanket amounts of information and subsequently analyse it to see how it could be useful and what value it holds. As a result, the stolen data may not actually be used by the attacker, however given its importance to the data controller, processer and subject, it may still require significant remediation efforts by the law firm.
Fortunately there have been no reports of Cyber-attacks or data breaches in Irish law firms. In Ireland, if a law firm suffers a data breach, they must immediately consider their obligations under the Data Protection Acts 1998-2003, and a useful tool is the Office of the Data Protection Commissioner’s Personal Data Security Breach Code of Practice.