The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
But Wait There’s More: Preserving Claims on Commonwealth Projects
February 07, 2018 —
Wally Zimolong - Supplemental Conditions BlogOn construction projects owned by the Commonwealth of Pennsylvania, a contractor may make a claim with the Board of Claims. But first, you must be aware of two limitations periods that could cause you to waive your claim if they are not met.
Read the court decisionRead the full story...Reprinted courtesy of
Wally Zimolong, Zimolong LLCMr. Zimolong may be contacted at
wally@zimolonglaw.com
Contractor Prevails on Summary Judgment To Establish Coverage under Subcontractor's Policy
June 07, 2021 —
Tred R. Eyerly - Insurance Law HawaiiWhen sued for construction defects caused by the subcontractor, the general contractor was granted summary judgment on the issue of coverage under the subcontractor's policy. Meritage Homes of Ga. v. Grange Ins. Co., 2021 U.S. Dist. LEXIS 84591 (N.D. Ga. March 23, 2021).
Meritage built a home for the owners. Easterwood Excavating, Inc. was the subcontractor for excavation and grading work. Meritage was named an additional insured under Easterwood's policy with Grange.
After construction was completed, the owners were experiencing severe flooding after rain storms purportedly due to defects in the grading, site preparation and excavation. The owners filed an arbitration against Meritage for damages. The owners alleged that Meritage improperly excavated and graded their lot, causing water to collect and pool in their yard. Meritage denied all liability and looked to Easterwood and Grange for defense and indemnification. Grange denied coverage, contending there was no occurrence which resulted in property damage. The arbitrator found that the folding of water was caused by Meritage's improper grading of the lot. A Final Award in the amount of $129,530.93 was issued against Meritage.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Appraisers’ Failure to Perform Assessment of Property’s Existence or Damage is Reversible Error
July 30, 2015 —
Christopher Kendrick and Valerie A. Moore – Haight Brown & Bonesteel LLPIn Lee v. California Capital Insurance Co. (No. A136280; filed 6/18/15), a California Court of Appeal held that it was error for an appraisal panel to assign loss values to items simply because they were listed in the insured’s scope of loss, and regardless of whether inspection revealed they were undamaged or never existed.
California Capital insured a twelve unit apartment building owned by Ms. Lee in Oakland, California. When a fire damaged one unit, the insurer prepared an estimate of $69,255 and paid an undisputed amount of $46,755, which was the amount of the estimate less depreciation and the deductible.
But Ms. Lee claimed that six of the units had been damaged, and she retained a public adjuster who submitted a claim exceeding $800,000. This included cleaning, asbestos abatement, reconstruction of the affected apartments, and loss of rent. She claimed burn damage to one unit and smoke damage requiring complete replacement of all the interior rooms of five apartments, along with removal of a portion of the stucco exterior and iron balcony railings and repainting of the entire building.
Reprinted courtesy of
Christopher Kendrick, Haight Brown & Bonesteel LLP and
Valerie A. Moore, Haight Brown & Bonesteel LLP
Mr. Kendrick may be contacted at ckendrick@hbblaw.com; Ms. Moore may be contacted at vmoore@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
What a Difference a Day Makes: Mississippi’s Discovery Rule
November 16, 2023 —
William L. Doerler - The Subrogation StrategistThe discovery rule applies to latent injuries, such that the statute of limitations does not begin to run until the plaintiff knows of or should have known of the injury. In Western World Ins. Group v. KC Welding, LLC, No. 2022-CA-00527-SCT, 2023 Miss. LEXIS 278 (KC Welding), a majority of the justices on the Supreme Court of Mississippi (Supreme Court) affirmed the trial court’s ruling that Western World Insurance Group (Insurer) filed its lawsuit one day late. Thus, the statute of limitations barred Insurer’s lawsuit.
In KC Welding, on July 12, 2018, KC Welding, LLC (KC Welding) sent an employee to Sunbelt Shavings, LLC (Sunbelt) to repair the door of a box containing wood chips. Sunbelt’s employees discovered that KC Welding employees were welding a storage bin that had not been emptied of wood chips and Sunbelt’s employees asked KC Welding’s employees to leave. After that, Sunbelt’s employees attempted to soak the area with water. Later than night, a fire started on Sunbelt’s property, apparently as the result of smoldering wood shavings, a fire that was extinguished on July 13, 2018.
Read the court decisionRead the full story...Reprinted courtesy of
William L. Doerler, White and Williams LLPMr. Doerler may be contacted at
doerlerw@whiteandwilliams.com
U.S. Supreme Court Allows Climate Change Lawsuits to Proceed in State Court
May 01, 2023 —
George Leahy - Lewis BrisboisWashington, D.C. (April 25, 2023) - On Monday, April 24, the U.S. Supreme Court refused to hear appeals by several major energy companies that sought to remove lawsuits filed by state and local governments from state court into federal court. The Court’s
certiorari denials reject companies’ appeals in five separate cases, which involved claims brought by municipalities in Colorado, Maryland, California, Hawaii, and Rhode Island. Each municipality claims that it has been harmed by the effects of climate change, allegedly attributed to the companies’ carbon emissions.
The Court’s denials effectively allow the lawsuits to continue in state court, often seen as favorable for plaintiffs due to a greater potential for jury trials and associated damages awards than might be available in federal court. Following a
2021 Supreme Court ruling in a related case that granted the companies an additional chance to argue that their cases should be heard in federal court, the lower federal appeals courts in each of the five cases concluded that the companies had not established sufficient grounds to establish proper venue and jurisdiction in federal court. The Supreme Court’s April 24 denial leaves those decisions unaltered, allowing the lawsuits to continue in state court for further consideration.
Read the court decisionRead the full story...Reprinted courtesy of
George Leahy, Lewis Brisbois
Bay Area Firm Offers Construction Consulting to Remodels
October 02, 2013 —
CDJ STAFFHomeowners sometimes aren’t too clear on questions of “building codes, permit process or where to find the right materials,” according to Benoni Mocanu, the owner of MB Development. He’s ready to step in an help by offering construction consulting to homeowners doing their own remodeling projects. In addition to providing the advice to help them through their projects, they’re ready to step in if a homeowner finds that they can’t finish the project.
Read the court decisionRead the full story...Reprinted courtesy of
At Long Last, the Colorado Legislature Gets Serious About Construction Defect Reform – In a Constructive Way
February 12, 2024 —
David McLain - Higgins, Hopkins, McLain & Roswell, LLCOn February 5th, Senators Zenzinger and Coleman, along with Representative Bird, introduced Senate Bill 24-106 into the Colorado Legislature. The bill has been assigned to the Senate Committee on Local Government and Housing. What follows are the various portions of the bill I believe to be the most impactful, as described in the bill summary, along with my commentary thereon:
Sections 3 and 6 – A True Right to Repair
Sections 3 and 6 create a right for a construction professional to remedy a claim made against the construction professional by doing remedial work or hiring another construction professional to perform the work. The following applies to the remedy:
- The construction professional must notify the claimant and diligently make sure the remedial work is performed; and
- Upon completion, the claimant is deemed to have settled and released the claim, and the claimant is limited to claims regarding improper performance of the remedial work.
Read the court decisionRead the full story...Reprinted courtesy of
David McLain, Higgins, Hopkins, McLain & Roswell, LLCMr. McLain may be contacted at
mclain@hhmrlaw.com
