The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & Dillion
Cybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim and suffering severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms that participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.[1] The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance-based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client-sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High-profile cybersecurity breaches of law firms are nothing new. Examples include the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians, and the infamous Petya malware attack, which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency with which the media publicizes cyber-attacks on law firms, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must prepare.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.6[2] and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard" information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and avoid inadvertently violating its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of the firm's cybersecurity program and policies;
- Purchase cyber liability insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to back up all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
[1] Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
[2] On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
SB800 Not the Only Remedy for Construction Defects
October 01, 2013 —
CDJ STAFF
“We anticipate an increase in residential construction defect litigation in response to this ruling,” David Frenznic, a construction defect lawyer at Wilke, Fleury, Hoffelt, Gould & Birney LLP told the Central Valley Business Times. Mr. Frenznic was responding to an August ruling by the California Court of Appeals that found that SB800 does not create the only remedy for homeowners with construction defects.
“Homeowners who suffer actual damage as a result of construction defects have a choice of remedies,” said Mr. Frenznick. SB800 established a shorter statute of limitations for construction defect claims; however, “the ruling makes clear that common law claims are still governed by the longer statutes of limitations.”
Formal Request for Time Extension Not Always Required to Support Constructive Acceleration
April 25, 2022 —
David Adelstein - Florida Construction Legal Updates
Does a constructive acceleration claim require the contractor to always request an extension of time which is then denied by the owner? While this is certainly the preference and the contractor should be requesting an extension of time as a matter of course for an excusable delay, the answer is NO! in certain circumstances. This is conveyed in the factually detailed case discussed below where a formal request for an extension of time was not required for the contractor to support its constructive acceleration claim.
But first, what is constructive acceleration:
Constructive acceleration “occurs when the government demands compliance with an original contract deadline, despite excusable delay by the contractor.” The Federal Circuit in Fraser defined the elements of constructive acceleration as follows:
(1) that the contractor encountered a delay that is excusable under the contract; (2) that the contractor made a timely and sufficient request for an extension of the contract schedule; (3) that the government denied the contractor’s request for an extension or failed to act on it within a reasonable time; (4) that the government insisted on completion of the contract within a period shorter than the period to which the contractor would be entitled by taking into account the period of excusable delay, after which the contractor notified the government that it regarded the alleged order to accelerate as a constructive change in the contract; and (5) that the contractor was required to expend extra resources to compensate for the lost time and remain on schedule.
Nova Group/Tutor-Saliba v. U.S., 2022 WL 815826, *42 (Fed.Cl. 2022) quoting Fraser Constr. Co. v. U.S., 384 F.3d 1354, 1361 (Fed. Cir. 2004) (internal citations omitted).
Reprinted courtesy of David Adelstein, Kirwin Norris, P.A.
Mr. Adelstein may be contacted at dma@kirwinnorris.com
Report Highlights Trends in Construction Tech, Digitization, and AI
November 11, 2024 —
Aarni Heiskanen - AEC Business
Bluebeam, a top technology provider for AEC professionals, has just released its “Building the Future: Bluebeam AEC Technology Outlook 2025” report. This report highlights key global trends in construction technology, including the role of AI and digital tools. Based on insights from over 400 AEC technology leaders, the report also uncovers challenges that prevent full-scale adoption of these tools.
The online research surveyed technology decision-makers (managers or above) within AEC firms in the US, UK, Canada, France, Spain, Germany, Australia, and New Zealand in July 2024.
AI’s Growing Role in Construction
According to the report, 74% of surveyed AEC professionals are now using AI in one or more phases of building projects. AI is especially popular in the design (48%) and planning (42%) stages. Many AEC firms recognize its value: over half (55%) of companies using AI say it’s crucial, and most now allocate up to 25% of their budgets to AI initiatives. Despite this support, concerns over AI regulation are significant. About 54% of respondents are worried about regulations, and 44% say this impacts their use of AI.
Reprinted courtesy of Aarni Heiskanen, AEC Business
Mr. Heiskanen may be contacted at aec-business@aepartners.fi
Colorado Senate Bill 13-052 Dies in Committee
May 10, 2013 —
David M. McLain
On April 17, 2013, the Colorado Senate Judiciary Committee voted, along party lines, to postpone indefinitely SB 52. Here is a link to the Denver Business Journal's story regarding the bill and its untimely demise: "Lawmakers kill lawsuit limits on condo defects."
Unfortunately, it will be at least another year before the legislature will have the ability to provide some much needed relief to the Colorado construction industry.
Reprinted courtesy of David M. McLain
Mr. McLain can be contacted at mclain@hhmrlaw.com
Factor the Factor in Factoring
May 03, 2017 —
David Adelstein - Florida Construction Legal Updates
What is factoring? Have you heard this term used in the business context? Factoring is not uncommon in the business world. It comes up when a business is in need of cash (immediate cash flow) and sells/assigns money owed under accounts receivable to a third party known as a factor. The factor purchases the accounts receivable at a discount in consideration of an assignment of the full value of the accounts receivable from the debtor (the entity that owes the money under the accounts receivable). The factoring arrangement is a recognized relationship, implicates Florida’s Uniform Commercial Code, and places obligations on the debtor to pay the factor directly for the accounts receivable upon notice of the assignment.
Reprinted courtesy of David Adelstein, Florida Construction Legal Updates
Mr. Adelstein may be contacted at Dadelstein@gmail.com
Insurance Policy’s “No Voluntary Payment” Clauses Lose Some Bite in Colorado
October 22, 2013 —
Brady Iandiorio — Higgins, Hopkins, McLain & Roswell, LLC.
The Colorado Court of Appeals recently handed down an opinion dulling the teeth of the “no voluntary payment” clauses found in many contractors’ insurance policies. In the case of Stresscon Corporation v. Travelers Property Casualty Company of America, 2013 WL 4874352 (Colo. App. 2013), the Court of Appeals found that an insured’s breach of the “no voluntary payment” clause does not always bar the insured from receiving benefits from its insurance company.
In July 2007, at a construction project run by Mortenson (the “GC”), a partially erected building collapsed, killing one worker and gravely injuring another. The collapse was caused by a crane hook pulling a concrete component off of its supports. The GC contracted with Stresscon Corporation (“Stresscon”) to build pre-cast concrete components for the project, and in turn Stresscon hired two sub-subcontractors, RMS and Hardrock (the “Crane Team”) to work together to erect those concrete components. Stresscon and the Crane Team had liability insurance, and Stresscon was insured by Travelers Property Casualty Company of America (“Travelers”).
The accident led to three separate lawsuits: 1) one brought by the deceased worker; 2) one brought by the injured worker; and 3) one brought by the GC against Stresscon claiming it was entitled to contract damages incurred because the project was delayed.
Reprinted courtesy of Brady Iandiorio
Brady Iandiorio can be contacted at Iandiorio@hhmrlaw.com
Contractor Pleads Guilty to Disadvantaged-Business Fraud
November 17, 2016 —
Tom Ichniowski – Engineering News-Record
In the latest development in a federal small disadvantaged-business case, a construction company executive has pleaded guilty to a charge of conspiring to commit wire fraud.
Reprinted courtesy of Tom Ichniowski, Engineering News-Record
Mr. Ichniowski may be contacted at ichniowskit@enr.com