The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
20 Wilke Fleury Attorneys Featured in Sacramento Magazine 2020 Top Lawyers!
August 24, 2020 —
Wilke FleuryCongratulations to Wilke Fleury’s featured attorneys who made the Sacramento Magazine’s Top Lawyer List for 2020!
Each attorney has been awarded an accolade in the following practice areas:
Kathryne Baldwin – Insurance
Dan Baxter – Business Litigation & Government Contracts
Adriana Cervantes – Medical Malpractice
Heather Claus – Health Care
Aaron Claxton – Health Care
Dan Egan – Bankruptcy and Creditor/Debtor
Samson Elsbernd – Employment & Labor
Danny Foster – Litigation Insurance
David Frenznick – Construction & Construction Litigation
George Guthrie – Real Estate & Construction Litigation
Ron Lamb – Medical Malpractice
Neal Lutterman – Medical Malpractice
Steve Marmaduke – Business/Corporate & Real Estate
Gene Pendergast – Estate Planning & Probate
Mike Polis – Health Care
Matthew Powell – Business Litigation
Bianca Samuel – Employment & Labor
Shannon Smith-Crowley – Legislative & Governmental Affairs
Spencer Turpen – Medical Malpractice
Steve Williamson – Business Litigation & Bankruptcy and Creditor/Debtor
Read the court decisionRead the full story...Reprinted courtesy of
Wilke Fleury
U.S. Stocks Fluctuate Near Record After Housing Data
February 25, 2014 —
Lu Wang and Callie Bost – BloombergU.S. stocks fluctuated near a record high after data showed slower growth in home prices and a drop in consumer confidence, while Macy’s Inc. and Home Depot Inc. reported higher-than-estimated earnings.
Macy’s and Home Depot rose at least 3.1 percent. Tesla Motors Inc. climbed 16 percent as Morgan Stanley more than doubled its projected price for the stock. Office Depot Inc. slumped 11 percent after reporting an unexpected loss. Tenet Healthcare Corp. declined 11 percent as its forecast missed analysts’ estimates.
The S&P 500 (SPX) gained 0.1 percent to 1,848.59 at 1:59 p.m. in New York, poised for the highest close ever. Earlier, the U.S. equity benchmark lost 0.4 percent. The Dow Jones Industrial Average advanced 14.05 points, or 0.1 percent, to 16,221.19. Trading in S&P 500 stocks was 7 percent below the 30-day average during this time of the day.
Ms. Wang may be contacted at lwang8@bloomberg.net; Ms. Bost may be contacted at cbost2@bloomberg.net
Read the court decisionRead the full story...Reprinted courtesy of
Lu Wang and Callie Bost, Bloomberg
Design Professional Asserting Copyright Infringement And Contributory Copyright Infringement
May 01, 2019 —
David Adelstein - Florida Construction Legal UpdatesStandard form construction contracts between an owner and design profesional will address copyright protection, as well as other contractual protections, associated with a design professional’s “instruments of service.” An owner negotiating an agreement with a design professional should consider alternative language that broadens the scope of the contractual license given to it with respect to the use of the design. Regardless, a design professional’s copyright infringement claim is still a challenging claim to ultimately prevail on. While a design professional may likely survive the motion to dismiss stage in a copyright infringement claim, whether it survives the summary judgment stage is another, more challenging, story.
“To state a claim for copyright infringement a plaintiff [design professional] must assert [and prove the following two prongs]: ‘(1) ownership of a valid copyright, and (2) copying of constituent elements of the work that are original.’” Robert Swedroe Architect Planners, A.I.A., P.A. v. J. Milton & Associates, Inc., 2019 WL 1059836, *3 (S.D.Fla. 2019) quoting Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., Inc., 499 U.S. 340, 361 (1991).
In the first prong, the design professional must establish it complied with statutory formalities to own a valid copyright. Id.
In the second prong, the design professional must establish that the defendant copied constituent elements that are original. Id.
There is also a claim known as contributory copyright infringement.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin NorrisMr. Adelstein may be contacted at
dadelstein@gmail.com
Indiana Court of Appeals Holds That Lease Terms Bar Landlord’s Carrier From Subrogating Against Commercial Tenant
April 03, 2019 —
Gus Sara - The Subrogation StrategistIn Youell v. Cincinnati Ins. Co., 2018 Ind. App. LEXIS 497 (2018), the Court of Appeals of Indiana considered whether a landlord’s carrier could bring a subrogation claim against a commercial tenant for fire-related damages when the lease, which did not reference subrogation, explicitly required the landlord to maintain fire insurance coverage for the leased premises. The court held that subrogation was barred because the provision requiring the landlord to maintain fire insurance established an agreement to provide both parties with the benefits of insurance. The Youell case establishes that, in Indiana, if the lease explicitly states that the landlord will maintain fire casualty insurance for the building, the lease evidences an agreement by the parties to shift the risk of loss to the insurer. This agreement bars a landlord’s insurance carrier from subrogating against a commercial tenant in the event of a casualty.
In 2013, the building owner, Greg Dotson, began leasing a commercial building to Robert Youell for his tire business, Best One Giant Tire, Inc. (collectively, Youell). The lease agreement required that the landlord maintain fire and extended coverage insurance on the building and the leased premises. The lease also required the tenant to purchase fire and extended coverage insurance for its personal property. The lease did not mention subrogation. Dotson obtained a property insurance policy through Cincinnati Insurance.
Read the court decisionRead the full story...Reprinted courtesy of
Gus Sara, White and Williams LLPMr. Sara may be contacted at
sarag@whiteandwilliams.com
On Rehearing, Fifth Circuit Finds Contractual-Liability Exclusion Does Not Apply
November 26, 2014 —
Tred R. Eyerly – Insurance Law HawaiiOn rehearing, the Fifth Circuit determined that the contractual-liability exclusion did not apply to bar coverage for damage caused by the insured contractor to the home it constructed. Crownover v. Mid-Continent Cas. Co., 2014 U.S. App. LEXIS 20727 (5th Cir. Oct. 29, 2014).The court withdrew its prior opinion, summarized here.
Arrow Development, Inc. contracted with the Crownovers to construct a home. The contract had a warranty-to-repair clause, which, in paragraph 23.1, provided that Arrow would "promptly correct work . . . failing to confirm to the requirements of the Contract Documents." After the Crownovers moved in, cracks began to appear in the walls and foundation of the home. Additional problems with the heating, ventilation, and air conditioning ("HVAC") caused leaking in the exterior lines and air ducts inside the home. To compensate for defects in the HVAC system, the system's mechanical units ran almost continuously in order to heat or cool the home. Because they were overburdened, the mechanical units had to be replaced. The Crownovers paid several hundred thousand dollars to fix the problems with the foundation and HVAC system.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Another Worker Dies in Boston's Latest Construction Accident
June 20, 2022 —
Scott Van Voorhis - Engineering News-RecordBoston Police and the US Occupational Safety and Health Administration are investigating a June 9 early morning construction accident that killed a worker in Boston’s Seaport district— the latest in a spate of fatalities at worksites across the city's metro area during the past 18 months.
Reprinted courtesy of
Scott Van Voorhis, Engineering News-Record
ENR may be contacted at enr@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
No Choice between Homeowner Protection and Bankrupt Developers?
February 10, 2012 —
CDJ STAFFDonna DiMaggio Berger, writing in the Sun Sentinel argues those may be the only current choices in Florida. A recent court case, Lakeview Reserve HOA v. Maronda Homes has caused a swift response from the legislators. Ms. Berger notes that the construction defect bill, HB 1013, “would take away a homeowner’s rights to pursue a developer for defects to the driveways, roads, sidewalks, utilities, drainage areas and other so-called ‘off-site’ improvements.” The alternative? She notes that applying the Maronda decision would “bankrupt developers who don’t build defect-free roads and sidewalks.”
Read the full story…
Read the court decisionRead the full story...Reprinted courtesy of
