The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Daniele – Newmeyer & Dillion
Cybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.[1] The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High-profile cybersecurity breaches of law firms are nothing new. Examples include the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians, and the infamous Petya malware attack, which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite how infrequently the media publicizes cyber-attacks on law firms, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.6[2] and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard" information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and avoid inadvertently violating its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of the firm's cybersecurity program and policies;
- Purchase cyber liability insurance, which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also provides liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to back up all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
[1] Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
[2] On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
ASCE Statement on The Partial Building Collapse in Surfside, Florida
June 28, 2021 —
Tom Smith - American Society of Civil Engineers
The following is a statement by Tom Smith, Executive Director, American Society of Civil Engineers (ASCE):
WASHINGTON, DC. – We are saddened by the tragic news coming out of Surfside, Florida, regarding the fatal partial building collapse of a condominium early Thursday morning. Safety is the top priority of every civil engineer, and protecting public health and safety is core to our mission at ASCE. We share our deepest condolences to all of those affected by this tragedy.
Collapses like these are fortunately highly unusual and extremely rare. However, it is imperative to identify the root cause of failures when they do occur, and to ensure that proactive steps are taken to prevent future incidents. ASCE fully supports the need for continued engineering assessments to pinpoint the cause of the collapse, and we stand ready to support official investigations with technical expertise and advice available through our 150,000 civil engineer members worldwide.
While rescue and recovery operations are underway, it is important that we support our first responders who are conducting essential rescue efforts and are operating as quickly as possible. We will also continue to keep those who have been injured and those who have not yet been accounted for in our hearts and thoughts, and we share our heartfelt sympathies to all of those affected.
ABOUT THE AMERICAN SOCIETY OF CIVIL ENGINEERS
Founded in 1852, the American Society of Civil Engineers represents more than 150,000 civil engineers worldwide and is America's oldest national engineering society. ASCE works to raise awareness of the need to maintain and modernize the nation's infrastructure using sustainable and resilient practices, advocates for increasing and optimizing investment in infrastructure, and improves engineering knowledge and competency. For more information, visit www.asce.org or www.infrastructurereportcard.org and follow us on Twitter, @ASCETweets and @ASCEGovRel.
Bound by Group Builders, Federal District Court Finds No Occurrence
August 11, 2011 —
Tred R. Eyerly - Insurance Law Hawaii
The homeowners sued their contractor, alleging the contractor had defectively constructed and failed to complete their home. State Farm Fire and Casualty Co. v. Vogelgesang, 2011 U.S. Dist. LEXIS 72618 (D. Haw. July 6, 2011). The homeowners' complaint pled, among other things, damage caused by breach of contract and negligence. State Farm agreed to defend under a reservation of rights.
State Farm filed suit in federal court for declaratory relief. Judge Mollway granted State Farm's motion for summary judgment. Relying on the Hawaii Intermediate Court of Appeal's decision in Group Builders, Inc. v. Admiral Ins. Co., 123 Haw. 142, 231 P.3d 67 (Haw. Ct. App. 2010), Judge Mollway determined that the claims asserted in the underlying litigation arose from the contractor's alleged breach of contract.  Group Builders held that breach of contract claims based on allegations of shoddy performance were not covered under CGL policies.
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii. Mr. Eyerly can be contacted at te@hawaiilawyer.com
Requesting an Allocation Between Covered and Non-Covered Damages? [Do] Think Twice, It’s [Not Always] All Right.
October 12, 2020 —
Todd Likman - Colorado Construction Litigation
As is often the case in construction defect and other insurance defense litigation, a plaintiff’s claims for relief typically encompass both covered and uncovered damages. Obviously, it is in the insured’s best interests to have as many damages covered by insurance as possible. From the insurer’s perspective and against the backdrop of owing a duty of good faith and fair dealing to its insureds, however, it is generally better to have an allocation of covered vs. non-covered damages. This places the insurer, insured, and insurance retained defense counsel in a difficult position.
A recent opinion from U.S. District Court for the District of Colorado, Rockhill Ins. Co. v. CFI-Global Fisheries Mgmt, Civil Action No. 1:16-CV-02760-RM-MJW, 2020 U.S. Dist. LEXIS 35209 (D. Colo. Mar. 2, 2020), sheds light on the issue, even though some may feel it only further muddies already murky waters.
Rockhill involved review of an arbitration proceeding that property-owner, Heirloom I, LLC (“Heirloom”) filed against CFI-Global Fisheries Management (“CFI”). Rockhill Insurance Company (“Rockhill Insurance”) was asked to defend the arbitration as CFI’s professional and general liability insurer. At issue in the arbitration was Heirloom’s claim that CFI defectively designed and constructed a fisheries enhancement that was destroyed by natural processes four times in three years.
Reprinted courtesy of Todd Likman, Higgins, Hopkins, McLain & Roswell
Mr. Likman may be contacted at likman@hhmrlaw.com
A Matter Judged: Subrogating Insurers Should Beware of Prior Suits Involving the Insured
March 25, 2024 —
Gus Sara - The Subrogation Strategist
In New Jersey Mfrs. Ins. Co. v. Lallygone LLC, No. A-2607-22, 2024 N.J. Super. Unpub. LEXIS 120, the Appellate Division of the Superior Court of New Jersey (Appellate Division) considered whether New Jersey Manufacturers Insurance Company (the carrier) could bring a subrogation action after its insured, Efmorfopo Panagiotou (the insured), litigated and tried claims related to the same underlying incident with the same defendant, Lallygone LLC (the defendant). The Appellate Division affirmed the trial court’s finding that the prior lawsuit extinguished the carrier’s claims.
In Lallygone LLC, the insured hired the defendant to renovate a detached garage on his property. In March 2022, while the defendant’s employees were removing existing concrete slabs, the garage collapsed. After the incident, the insured stopped paying the defendant. In addition, the insured filed a claim with the carrier, which ultimately paid the insured over $180,000 for the damage under its property policy. The carrier sent a subrogation notice letter to the defendant.
Reprinted courtesy of Gus Sara, White and Williams
Mr. Sara may be contacted at sarag@whiteandwilliams.com
Lending Plunges to 17-Year Low as Rates Curtail Borrowing
April 15, 2014 —
Kathleen M. Howley, Zachary Tracer and Heather Perlberg – Bloomberg
Wells Fargo & Co. (WFC) and JPMorgan Chase & Co., the two largest U.S. mortgage lenders, reported a first-quarter plunge in loan volumes that’s part of an industry-wide drop off. Lenders made $226 billion of mortgages in the period, the smallest quarterly amount since 1997 and less than one-third of the 2006 average, according to the Mortgage Bankers Association in Washington.
Lending has been tumbling since mid-2013 when mortgage rates jumped about a percentage point after the Federal Reserve said it might taper stimulus spending. A surge in all-cash purchases to more than 40 percent has kept housing prices rising, squeezing more Americans out of the market. That will help push lending down further this year, according to the association.
Ms. Howley may be contacted at kmhowley@bloomberg.net; Mr. Tracer may be contacted at ztracer1@bloomberg.net; Ms. Perlberg may be contacted at hperlberg@bloomberg.net
Reprinted courtesy of Kathleen M. Howley, Zachary Tracer and Heather Perlberg, Bloomberg
Appraisers May Determine Causation
January 21, 2015 —
Tred R. Eyerly – Insurance Law Hawaii
In a case of first impression, the Iowa Court of Appeals held that an appraisal may determine issues of causation. North Glenn Homeowners Association v. State Farm Fire & Cas. Co., 854 N.W. 2d 67 (Iowa Ct. App. 2014).
On July 15, 2009, North Glenn Homeowners Association submitted a claim to State Farm for hail damage on the roof. The claim was paid. North Glenn did not repair all of the damage, instead deciding to use some of the money to make other repairs to the property.
Reprinted courtesy of Tred R. Eyerly, Insurance Law Hawaii
Mr. Eyerly may be contacted at te@hawaiilawyer.com
Can You Really Be Liable For a Product You Didn’t Make? In New Jersey, the Answer is Yes
December 14, 2020 —
James Burger & Robert Devine - White and Williams LLP
New Jersey has recently expanded liability for product distributors and manufacturers to products that the distributor/manufacturer did not make or sell. This alert discusses this new law and steps that distributors and manufacturers may consider to reduce their potential liability.
In Whelan v. Armstrong International, Inc., the New Jersey Supreme Court held that distributors and manufacturers can be strictly liable for injuries caused by replacement parts added after the point of sale which had not been manufactured or sold by any of the defendants in the case. In Whelan, the defendants’ products had originally been sold with asbestos-containing parts. Mr. Whelan, the plaintiff, argued that asbestos-containing replacement parts were required to repair and maintain the products. The court found that because the products were designed with asbestos-containing parts, “[d]efendants had a duty to provide warnings given the foreseeability that third parties would be the source of asbestos-containing replacement components.” (Emphasis added).
This reasoning, based on “foreseeability,” should give pause to all product distributors and manufacturers—even those who do not make or sell products that contain asbestos. Certainly distributors and manufacturers of products with asbestos-containing parts must take heed that they may now be liable for replacement parts that they neither manufactured nor sold. This alone is a significant holding that expands potential liability.
Reprinted courtesy of
James Burger, White and Williams LLP and
Robert Devine, White and Williams LLP
Mr. Burger may be contacted at burgerj@whiteandwilliams.com
Mr. Devine may be contacted at deviner@whiteandwilliams.com