The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & Dillion
Cybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.[1] The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High-profile cybersecurity breaches of law firms are nothing new. Examples include the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians, and the infamous Petya malware attack, which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, although cyber-attacks on law firms are infrequently publicized by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must prepare.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.6[2] and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard" information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and avoid inadvertently violating its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of the firm's cybersecurity program and policies;
- Purchase cyber liability insurance, which covers not only first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to back up all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Mexico Settles With Contractors for Canceled Airport Terminal
August 26, 2019 —
Eric Martin - Bloomberg
Mexico City's airport authority settled a dispute with builders on an 85 billion peso ($4.45 billion) contract for the terminal at a new Mexico City airport that President Andres Manuel Lopez Obrador canceled a month before taking office.
Grupo Aeroportuario Ciudad de la Mexico will pay 14.2 billion pesos, equivalent to 16.7% of the contract's total cost, to Constructora Terminal de Valle de Mexico, a consortium that includes Carlos Slim's Operadora Cicsa, the Communications and Transportation Ministry said in an emailed statement. The contracts represented 45% of the airport's total cost, the ministry said.
Reprinted courtesy of
Eric Martin, Bloomberg
Texas Supreme Court Holds that Invoking Appraisal Provision and Paying Appraisal Amount Does Not Insulate an Insurer from Damages Under the Texas Prompt Payment of Claims Act
September 16, 2019 —
John C. Eichman & Grayson L. Linyard - Hunton Insurance Recovery Blog
In two cases decided June 28, 2019, the Texas Supreme Court held that an insurer’s invocation of a contractual appraisal provision after denying a claim does not as a matter of law insulate it from liability under the Texas Prompt Payment of Claims Act (“TPPCA”). But, on the other hand, the court also held that the insurer’s payment of the appraisal award does not as a matter of law establish its liability under the policy for purposes of TPPCA damages.
In Barbara Techs. Corp. v. State Farm Lloyds, No. 17-0640, 2019 WL 2666484, at *1 (Tex. June 28, 2019), State Farm Lloyds issued property insurance to Barbara Technologies Corporation for a commercial property. A wind and hail storm damaged the property, and Barbara Tech filed a claim under the policy. State Farm denied the claim, asserting that damages were less than the $5,000 deductible.
Barbara Tech filed suit against State Farm, including for violation of the TPPCA. Six months later, State Farm invoked the appraisal provision of the policy. More than a year after the suit was filed, appraisers agreed to a value of $195,345.63. State Farm then paid that amount, minus depreciation and the deductible. Barbara Tech amended its petition to include only TPPCA claims.
Reprinted courtesy of
John C. Eichman, Hunton Andrews Kurth and
Grayson L. Linyard, Hunton Andrews Kurth
Mr. Eichman may be contacted at jeichman@HuntonAK.com
Mr. Linyard may be contacted at glinyard@HuntonAK.com
Waiving Workers’ Compensation Immunity for Indemnity: Demystifying a Common and Scary-Looking Contract Term
October 07, 2016 —
James R. Lynch – Ahlers & Cressman PLLC
Parties to a construction contract are often skeptical of terms in bold fonts, capital letters, or underlining, and especially terms requiring separate signatures or initials. A natural assumption is that such terms must be harmful if they require such emphasis. This concern is further heightened when the term involves complex areas of law, or waivers of rights that the party may not fully understand. In such cases, a little knowledge can go a long way.
Reprinted courtesy of James R. Lynch, Ahlers & Cressman PLLC
Mr. Lynch may be contacted at jlynch@ac-lawyers.com
A Reminder to Get Your Contractor’s License in Virginia
April 25, 2023 —
Christopher G. Hill - Construction Law Musings
How are ducks and contractors alike? A question I get often, particularly from construction contractors outside of Virginia, is whether they need to get a Virginia contractor’s license. The answer is almost invariably “yes.” The next question is why? The answer is almost always “Because state law says so.” With some minor exceptions for material suppliers and the like, Virginia law requires that all of those that perform construction for others carry the proper license and specialization for the work performed. There is no exception for the proverbial “paper contractor” that takes money from an owner and subcontracts all of the actual physical work. It does not matter if you use a different term for what you do for the owner. If it walks like a duck and quacks like a duck. . . it’s a duck. If you take money to perform construction, you’re a contractor.
Some of the consequences of contracting without a license (aside from possible criminal charges) include, among other things, the inability to perfect a mechanic’s lien under Va. Code 43-3(D) and, with minor exceptions, the inability to enforce a contract (meaning it really hurts your ability to get paid).
Reprinted courtesy of The Law Office of Christopher G. Hill
Mr. Hill may be contacted at chrisghill@constructionlawva.com
Veolia Agrees to $25M Settlement in Flint Water Crisis Case
February 19, 2024 —
James Leggate - Engineering News-Record
Engineering firm Veolia North America agreed to a $25-million settlement to resolve a federal class action case related to its work for the city of Flint, Mich., during the city’s lead-in-water crisis, the company and attorneys for the plaintiffs announced Feb. 1. Veolia is the second engineering firm that worked for the city to settle with city residents, and the deal came ahead of a class-action trial scheduled to start later this month.
Reprinted courtesy of
James Leggate, Engineering News-Record
Mr. Leggate may be contacted at leggatej@enr.com
Free Texas MCLE Seminar at BHA Houston June 13th
May 29, 2014 —
Beverley BevenFlorez-CDJ STAFF
There are just two weeks remaining to sign up for Bert L. Howe & Associate’s next Texas MCLE seminar, THE RESIDENTIAL CONSTRUCTION PROCESS & CONSTRUCTION DEFECT LITIGATION.
This activity will be presented on Friday, June 13th at noon, at BHA’s Houston offices, located at:
800 Town & Country Blvd.
Suite 300
Houston, TX 77024
There is no cost for attendance at this seminar and lunch will be provided.
This course has been approved for Minimum Continuing Legal Education credit by the State Bar of Texas Committee on MCLE in the amount of 1.0 credit hours, of which 0.0 credit hours will apply to legal ethics/professional responsibility credit. The seminar will be presented by Don MacGregor, general contractor and project manager.
Water intrusion through doors, windows and roofing systems, as well as soil and foundation-related movement, and the resultant damage associated therewith, are the triggering effects for the vast majority of homeowner complaints today and serve as the basis for most residential construction defect litigation. The graphic and animation-supported workshop/lecture activity will focus on the residential construction process from site preparation through occupancy, an examination of associated damages most often encountered when investigating construction defect claims, and the inter-relationships between the developer, general contractor, sub trades and design professionals. Typical plaintiff homeowner/HOA expert allegations will be examined in connection with those building components most frequently associated with construction defect and claims litigation.
The workshop will examine:
*Typical construction materials, and terminology associated with residential construction
*The installation process and sequencing of major construction elements, including interrelationship with other building assemblies
*The parties (subcontractors) typically associated with major construction assemblies and components
*An analysis of exposure/allocation to responsible parties.
Attendance at THE RESIDENTIAL CONSTRUCTION PROCESS & CONSTRUCTION DEFECT LITIGATION seminar will provide the attendee with:
*A greater understanding of the terms and conditions encountered when dealing with common construction defect issues
*A greater understanding of contractual scopes of work encountered when reviewing construction contract documents
*The ability to identify, both quickly and accurately, potentially responsible parties
*An understanding of damages most often associated with construction defects, as well as a greater ability to identify conditions triggering coverage
Course #: 901290467 / Sponsor #: 14152. To register for the event, please email Don MacGregor at dmac@berthowe.com. If you have any questions, please feel free to contact Don at (800) 482-1822 (office) or (714) 713-4956 (cell).
Skipping Depositions does not Constitute Failure to Cooperate in New York
March 09, 2020 —
Ryan G. Nelson - Saxe Doernberger & Vita
Insurance policies typically impose, on the insured, a duty to cooperate with the insurer during investigation and litigation of a claim. Non-cooperation can be grounds for denying coverage. This begs the question: what constitutes non-cooperation?
Recently, a New York appellate court affirmed a trial court’s decision that failure by an employee of the insured to show up for three court-ordered depositions did not rise to the level of “willful and avowed obstruction” and therefore, the insurer could not deny coverage on the basis of non-cooperation. See Foddrell v. Utica First Insurance Co., 178 A.D.3d 901 (N.Y. App. Div. 2019). In so holding, the Foddrell court applied the Thrasher test: “To effectively deny coverage based upon lack of cooperation, an insurance carrier must demonstrate (1) that it acted diligently in seeking to bring about the insured’s cooperation, (2) that the efforts employed by the insured were reasonably calculated to obtain the insured’s cooperation, and (3) that the attitude of the insured, after his or her cooperation was sought, was one of willful and avowed obstruction.” Id.; see Thrasher v. U. S. Liab. Ins. Co., 19 N.Y.2d 159, 167 (1967).
Thomas Foddrell’s suit against Utica First Insurance Company (“Utica First”) stemmed from his personal injury suit against Janey & Rana Construction Corporation (“J&R”), Utica First’s insured. During that lawsuit, J&R’s principal, Gardeep Singh, failed to appear for two court-ordered depositions. After his failure to appear at those depositions, Utica First sent an investigator to inform Singh that he was scheduled for a third deposition. Singh responded to the investigator that he would speak with J&R’s attorneys about the matter. Ultimately, Singh did not appear for the third court-ordered deposition. In response to Singh’s repeated failure to appear for the depositions, Utica First sent Singh a letter advising him that because of his lack of cooperation, Utica would no longer agree to indemnify J&R.
Reprinted courtesy of Ryan G. Nelson, Saxe Doernberger & Vita
Mr. Nelson may be contacted at rgn@sdvlaw.com