The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
DOD Contractors Receive Reprieve on Implementation of Chinese Telecommunications Ban
September 14, 2020 —
Lori Ann Lange & Sabah Petrov - Peckar & AbramsonIn our previous
alert, we discussed the expansion on the Section 889(a)(1)(B) ban on certain Chinese telecommunications equipment and services to contractors and subcontractors who use the equipment and services in their internal operations. Effective August 13, 2020, federal agencies were prohibited from procuring, obtaining, extending, or renewing a contract with a contractor that uses equipment, systems, or services that use covered telecommunications equipment or services as a substantial or essential component or as critical technology, unless an exception applies or a waiver is granted. Since then we have received feedback from contractors, complaining about the difficulties in determining whether their internal operations use covered telecommunications equipment and services and the need for additional time to become compliant or even obtain enough information to submit a waiver request.
Now it seems that Department of Defense (DoD) contractors and subcontractors may be getting a temporary reprieve. The DoD Under Secretary for Acquisition and Sustainment requested a waiver that would allow DoD to continue to execute procurement actions providing supplies, equipment, services, food, clothing, transportation, care, and support necessary to execute the DoD mission. The Director of National Intelligence granted the temporary waiver until September 30, 2020 pending a further review of waiver request. Depending upon the outcome of this additional review, the temporary waiver may be continued beyond September 30, 2020 if it is in the national security interests of the United States.
Reprinted courtesy of
Lori Ann Lange, Peckar & Abramson and
Sabah Petrov, Peckar & Abramson
Ms. Lange may be contacted at llange@pecklaw.com
Ms. Petrov may be contacted at spetrov@pecklaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Trump’s Infrastructure Weak
June 21, 2017 —
Garret Murai - California Construction Law BlogThis past week was President Trump’s “Infrastructure Week.” A week dedicated, according to the White House’s official blog, “to addressing America’s crumbling infrastructure” and to try to build support for the President’s campaign promise to invest “at least” $1 trillion on improving the nation’s infrastructure.
For the construction industry it was going to be an exciting week. Not only because it could mean new opportunities for the industry but from a policy perspective our nation’s infrastructure, which recently received a grade of D+ from the American Society of Engineers, is in dire need of investment.
But Infrastructure Week ended up being more like Infrastructure Weak. No infrastructure bills were signed or introduced, no executive orders were issued, and no new departments or commissions were created, although at the end of the week President Trump promised to form a “council” and “office” to review the environmental permitting process.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
CEB’s Mechanics Liens and Related Remedies – 2014 Update
November 26, 2014 —
Garret Murai – California Construction Law BlogI’ve been writing for the CEB – the Continuing Education of the Bar – which publishes legal practice guides for lawyers for some time now.
But I don’t think I’ve been quite as excited to write for the CEB than writing for its publication, California Mechanics Liens and Related Construction Remedies, for the first time this year. Particularly, since it’s one of the first publications I used as a young lawyer to learn about construction law, and still use today.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
Unlicensed Contractors Nabbed in Sting Operation
September 09, 2011 —
CDJ STAFFThe California State License Board charged sixteen people in the Fresno area with accepting contracting jobs without licenses. The Statewide Investigative Fraud Team of the CSLB set up a sting operation at a home in Clovis, California seeking bids on tree service, painting, and general contracting services. Those who bid for jobs at more than $500 are required under California law to be licensed. Unlicensed contractors can only work on jobs with a cost to the homeowner of less than $500 and must inform the homeowner that they are not licensed.
In addition to citing contractors for not possessing appropriate licenses, the CSLB also cited contractors for failure to carry workers compensation insurance and illegal advertising. Further, California law limits down payments to the lesser of ten percent or $1,000. Two contractors were cited for requesting excessive down payments.
One contractor, an unlicensed tree service contractor, had been cited previously in a sting operation. He failed to show up for his court date.
Read the full story…
Read the court decisionRead the full story...Reprinted courtesy of
Pennsylvania Court Extends Construction Defect Protections to Subsequent Buyers
December 20, 2012 —
CDJ STAFFThe Pennsylvania courts have long held that there is an implied warranty of habitability for the initial purchaser of a home. Now, as some defects may not immediately show up, the court has extended that implied warranty to second and subsequent purchasers. As Marc D. Brookman, David I. Haas, and Christopher Bender of Duane Morris note, “this judicially created doctrine shifts the risk of a latent defect in the construction of a new home from the purchaser to the builder-vendor.”
The Pennsylvania Supreme Court concluded that a contractual relationship is not needed for an implied warranty of habitability. The court’s concern was inequalities would result when a home was sold while other homes were protected by being within the statute of repose.
Read the court decisionRead the full story...Reprinted courtesy of
Florida SB 2022-736: Construction Defect Claims
February 07, 2022 —
Kelly A. Johnson - Saxe Doernberger & Vita, P.C.*Special thank you to SDV Law Clerk Iliriana Fteja for contributing to this article.
A new bill (SB 2022-736) was recently introduced to the Florida Senate. The proposed amendments to the statutes of limitations and repose could significantly impact construction defect claims by effectively creating additional exposure to contractors and insurance carriers.
The proposed bill requires all actions founded on the design, planning, or construction of an improvement to real property to be commenced within four years after the time to commence an action begins. Under the proposed amendment, the time to commence an action runs from the date of actual possession by the owner, the date of the issuance of a certificate of occupancy, the date of abandonment of construction if not completed, or the date of completion of the contract or termination of the contract between the professional engineer, registered architect, or licensed contractor and their employer. This provision would effectively alter the time to commence an action to whichever triggering event is earliest instead of the latest triggering event per the previous statute.
Read the court decisionRead the full story...Reprinted courtesy of
Kelly A. Johnson, Saxe Doernberger & Vita, P.C.Ms. Johnson may be contacted at
KJohnson@sdvlaw.com
Considerations in Obtaining a Mechanic’s Lien in Maryland (Don’t try this at home)
February 23, 2016 —
Christopher G. Hill – Construction Law MusingsFor this week’s Guest Post Friday at Construction Law Musings I welcome Matthew Evans. Matt is the owner of
Law Offices of Matthew S. Evans, III, LLC located in Annapolis, Maryland. He has practiced construction, real estate and land use law in Maryland and D.C. for thirteen years. Prior to opening his own firm in May 2011, Mr. Evans was a partner at a mid-sized firm in Anne Arundel County, Maryland. Mr. Evans lives in Historic Annapolis (only three short blocks from his office) with his wife Margaret, and three children, Matthew (5), Bo (4) and Peyton (2).
Some of the most common calls I get are from irate contractor or subcontractor clients who have not been paid demanding that I “lien the property”. Many times after calming the client down, I determine, to their dismay, that they are not entitled to a mechanic’s lien. In Maryland, the mechanic’s lien law is driven by statute, which contains specific requirements which must be met before the client is entitled to a lien.
The first question is whether the contractor or subcontractor is entitled to a lien for the work performed. Under Maryland law, “every building erected and every building repaired, rebuilt, or improved to the extent of 15 percent of its value is subject to establishment of a lien…for the payment of all debts.” It’s easy when dealing with new construction. No matter how small your portion of the work, the property is subject to the establishment of a lien. It is more difficult to determine entitlement when there is either a total or partial renovation or other work. The question becomes how do you determine the value of the building, and whether it has been improved “to the extent of 15 percent of its value.” Believe me, I have seen creative and some not so creative methods of calculation used by counsel to prove that certain work does or does not meet the requirement.
Read the court decisionRead the full story...Reprinted courtesy of
Christopher G. Hill, Law Office of Christopher G. Hill, PCMr. Hill may be contacted at
chrisghill@constructionlawva.com