The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Daniele – Newmeyer & Dillion
Cybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016. [1] The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High-profile cybersecurity breaches of law firms are nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians – and the infamous Petya malware attack, which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, although cyber-attacks on law firms are infrequently publicized by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must prepare.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.6 [2] and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard" information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and avoid inadvertently violating its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of the firm's cybersecurity program and policies;
- Purchase cyber liability insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to back up all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
[1] Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
[2] On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Duuers: Better Proposals with Less Work
July 21, 2018 —
Aarni Heiskanen - AEC Business
Small contractors, consultants, and design professionals have a love–hate relationship with responding to RFPs. Duuers, a Finnish startup, wants to turn this struggle into an inspiring experience.
“We followed a day in the life of a hand-picked group of entrepreneurs,” says Paula Viinamäki, co-founder of Duuers. “We were flies on the wall, observing how small business owners wrestle with their daily tasks. Proposal-writing seemed to be an especially painful and time-consuming, yet vital, job.”
Defining the Scope through Experiments
After discovering this poorly supported but essential job that had to be done, Viinamäki and Jussi Paanajärvi, the other co-founder of Duuers, realized that they might be onto something. Consequently, they decided to start working on a prototype app for proposal-writing in the spring of 2017.
Reprinted courtesy of Aarni Heiskanen, AEC Business. Mr. Heiskanen may be contacted at aec-business@aepartners.fi
Virginia Chinese Drywall “property damage” caused by an “occurrence” and number of “occurrences”
August 04, 2011 —
CDCoverage.com
In Dragas Management Corp. v. Hanover Insurance Co., No. 2:10cv547 (E.D. Va. July 21, 2011), claimant residential home general contractor and developer DMC filed for arbitration against insured drywall supply and install subcontractor Porter-Blaine seeking damages for (1) the replacement of defective Chinese drywall, and (2) the repair of resulting property to other components of the DMC homes and homeowners’ personal property in seventy-four homes. Porter-Blaine’s CGL insurer Citizens and excess insurer Hanover defended Porter-Blaine in the DMC arbitration.
Reprinted courtesy of CDCoverage.com
Construction Workers Face Dangers on the Job
November 18, 2011 —
CDJ STAFF
OSHA calculates that for each 33,000 active construction workers, one will die on the job each year, making their risk over the course of their careers at one out of every 200 workers. This puts it many times over OSHA’s definition of “significant risk” of 1 death per 1,000 workers over the course of their careers. According to an article in People’s World, “the main risk of death is from falls.”
At a talk at the American Public Health Association’s meeting, one expert noted that “construction workers make up 6 percent to 8 percent of all workers, but account for 20 percent of all deaths on the job every year.”
Barratt Said to Suspend Staff as Contract Probe Continues
February 02, 2017 —
Jack Sidders - Bloomberg
Barratt Developments Plc suspended at least three more employees within its London business as part of an ongoing probe into potential misconduct in the awarding of contracts, according to two people familiar with the decision.
Reprinted courtesy of Jack Sidders, Bloomberg. Mr. Sidders may be followed on Twitter @jacksidders
Near-Zero Carbon Cement Powers Sustainable 3D-Printed Homes
August 07, 2023 —
Aarni Heiskanen - AEC Business
Eco Material Technologies and Hive 3D have unveiled the first 3D-printed homes using near-zero carbon cement as part of a housing project called The Casitas @ The Halles.
The homes, ranging from 400 to 900 square feet, are constructed using Eco Material’s durable, longer-lasting cement called PozzoCEM Vite®. The cement replaces 100% of traditional Portland cement, has 92% lower emissions, and sets much faster.
Hive 3D has developed a system to mix Eco Material’s cement replacement products with locally-sourced aggregates on-site, enabling cost-efficient and affordable construction. The collaboration aims to offer sustainable housing solutions and transition the construction industry away from high-carbon materials.
Reprinted courtesy of Aarni Heiskanen, AEC Business. Mr. Heiskanen may be contacted at aec-business@aepartners.fi
Harsh New Time Limits on Construction Defect Claims
April 26, 2011 —
Scott F. Sullan, Esq., Mari K. Perczak, Esq., and Leslie A. Tuft, Esq.
A recent Colorado Supreme Court decision, Smith v. Executive Custom Homes, Inc., 230 P.3d 1186 (Colo. 2010), considerably shortens the time limit for bringing many construction defect lawsuits. Homeowners and homeowner associations risk losing the right to seek reimbursement from builders, developers and other construction professionals unless they carefully and quickly act upon discovery of evidence of any potential construction defect.
The Statute of Limitations for Construction Defect Claims
Colorado’s construction defect statute of limitations limits the time for homeowners and homeowners associations to bring lawsuits for construction defects against “construction professionals,” including developers, general contractors, builders, engineers, architects, other design professionals, inspectors and subcontractors. The statute requires homeowners and associations to file suit within two years “after the claim for relief arises.” A claim for relief “arises” when a homeowner or association discovers or reasonably should have discovered the physical manifestation of a construction defect.
The two-year time limitation applies to each construction defect separately, and will begin to run upon the appearance of a “manifestation” of a construction defect (which may include, for example, a condition as simple as a roof leak or drywall cracks), even if the homeowner or association does not know the cause of the apparent problem.
The Smith Opinion and its Effect on the Statute of Limitations
In Smith v. Executive Custom Homes, Inc., the plaintiff homeowner, Mrs. Smith, slipped on ice that had accumulated on her sidewalk because of a leaking gutter and suffered injury. When she first noticed the leak, she reported it to her property manager, who reported it to the builder. The builder attempted to repair the gutter, unbeknownst to Mrs. Smith, and she did not notice further problems until approximately one year after she first observed the leak, when she fell and suffered serious injury. She sued the builder within two years of her injury, but nearly three years after she first learned of the leak.
The Colorado Supreme Court dismissed Mrs. Smith’s claims as untimely and held that under the construction defect statute of limitations, the two-year period for suing for injuries due to construction defects begins when the homeowner first observes the physical manifestation of the defect, even if the resulting injury has not yet occurred. The court acknowledged that this ruling could result in “unfair results,” especially if a serious and unforeseeable injury occurs more than two years after the first time the homeowner noticed the problem, and as a result the victim is unable to seek redress from those responsible for the defect.
Reprinted courtesy of Scott F. Sullan, Esq., Mari K. Perczak, Esq., and Leslie A. Tuft, Esq. of Sullan2, Sandgrund, Smith & Perczak, P.C., and they can be contacted through their web site.
Potential Pitfalls Under the Contract Disputes Act for Federal Government Contractors
February 28, 2018 —
Sarah K. Carpenter – Smith Currie Publications
The Contract Disputes Act (CDA) governs monetary and non-monetary disputes arising out of contracts or implied-in-fact contracts between the federal government and contractors. Because the CDA is an exclusive remedy, it is important that contractors be wary of the many pitfalls that may be encountered by a contractor seeking to assert a claim against the government under the CDA.
The pitfalls faced by a contractor under the CDA can arise before a contractor becomes aware of a potential claim. Pursuant to the Federal Acquisition Regulation (FAR) § 43.204(c), a contracting officer should include in any supplemental agreement, including any change order, a Contractor’s Statement of Release which requires a contractor to execute a broad release of the government from any and all liability under the contract. As a result of this FAR provision, in executing a routine change order, a contractor may inadvertently release its right to pursue a potential claim under the CDA. A contractor should always review any release language prior to executing a supplemental agreement or change order with the government.
Reprinted courtesy of Sarah K. Carpenter, Smith Currie. Ms. Carpenter may be contacted at skcarpenter@smithcurrie.com