The "Dark Overlord" Strikes The Practice Of Law: What Law Firms Can Do To Protect Themselves
April 17, 2019 —
Ivo G. Danielle – Newmeyer & DillionCybersecurity breaches involving law firms are on the rise with each passing year. Law firms are prime targets for cyber criminals seeking confidential and sensitive information because of the various types of legal work that law firms normally handle for their clients. Whether it be mergers and acquisitions, the use of intellectual property, purchase agreements, bankruptcy or even litigation involving divorce, law firms are a rich depository for highly confidential and sensitive information. As a result, law firms must employ comprehensive security measures to protect themselves from security breaches or risk being on the losing end of a costly malpractice claim, and suffer severe reputational harm.
Law Firms Continue To Be Targeted By Cybercriminals
According to the American Bar Association ("ABA") 2018 Legal Technology Survey Report, 23% of the law firms who participated in the survey reported that their law firm experienced a data breach. Although this may be just a 1% increase from the 22% who reported a breach in 2017, it is important to understand that this is an increase of 8% from the stable percentages reported from 2013 through 2016.1 The 2018 survey report also revealed that security breaches fluctuated with firm size – 14% for solo law firms, 24% for firms employing 2-9 attorneys, approximately 24% for firms with 10-49 attorneys, 42% for firms with 50-99 attorneys, and approximately 31% for those firms employing 100 or more attorneys.
Latest Law Firm Security Breaches
The notorious criminal group called "The Dark Overlord" has a history of committing data breaches of high profile companies such as Gorilla Glue, Netflix, Larson Studios, multiple healthcare companies, and Little Red Door Cancer Agency. Their goal is simple – steal sensitive information and then extort payment from the victims by threatening to release the sensitive information to the public.
On December 31, 2018, this cybercriminal group announced to the world that they had acquired 18,000 documents containing highly sensitive legal information related to insurance based litigation connected to the 9/11 tragedy. The stolen information was the attorney/client property of Lloyd's of London, Silverstein Properties, and Hiscox Syndicates, Ltd. In its announcement, The Dark Overlord boasted that they were in possession of client sensitive information, such as: "emails; retainer agreements; non-disclosure agreements; settlements, litigation strategies; liability analysis; defense formation; collection of expert witness testimonies; communication with government officials in countries all over the world; voice mails; dealings with the FBI, USDOJ, DOD, confidential communications, and so much more."
Subsequent to the data breach, The Dark Overlord announced to the public that they designed a compensation plan that would allow for public crowd-funding for its organization to permit the public to view the stolen information in exchange for bitcoin payment. The more public funding it receives, the more stolen sensitive information will be unlocked and released to the public. It is estimated that this cybercriminal group already distributed information to the public on two separate occasions during the month of January 2019.
High profile cybersecurity breaches of law firms is nothing new – for example, the infamous Panama Papers breach, where cybercriminals leaked 11.5 million documents exposing the shadowy business of setting up offshore corporations as tax shelters for businesses, celebrities, and politicians - and the infamous Petya Malware attack which resulted in a digital lockdown of one of the world's largest law firms, DLA Piper. However, despite the infrequency of publicized cyber-attacks of law firms by the media, the FBI has recently announced that law firms should expect an increase in security attacks by cybercriminals because law firms are now viewed as "one-stop shops" for cybercriminals. Therefore, in order to combat the inevitable increase in cyber-attacks, law firms must get prepared.
How Law Firms Can Protect Themselves
All law firms will agree that the most serious consequence of a security breach for their firm would be the unauthorized access to sensitive client data. The American Bar Association's Model Rules of Professional Conduct, specifically Rules 1.1 and 1.62 and related Comments, require an attorney to take competent and reasonable measures to safeguard information relating to their clients. This duty to "safeguard' information imposes a significant challenge to firms when using technology in connection with protecting client information because most law firms are not savvy with technology and lack proper cyber security training.
In order for a law firm to protect itself from security breaches and inadvertently violate its duty of safeguarding a client's sensitive information, it is important to take the following actions:
- Start by taking an inventory and risk assessment of the firm to determine what needs to be protected – the inventory should include both technology and data;
- Develop, implement and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations;
- Ensure the cybersecurity program addresses people, policies and procedures, and technology. The cybersecurity program must designate an individual or a group to be in charge and coordinate security;
- Develop an incident response plan scaled to the size of the firm;
- Continually train staff and attorneys to identify and understand potential cybersecurity threats;
- Consider implementing a third-party assessment of firm's cybersecurity program and policies;
- Purchase cyber liability for insurance which not only covers first party losses to law firms (like lost productivity, data restoration, and legal expenses) but also liability protection to third parties;
- Implement authentication and access controls for network, computers and mobile devices used by the firm's staff and attorneys;
- Consider the use of full-drive encryption for computers and mobile devices;
- Have staff and attorneys avoid and/or limit the use of public WiFi when working remotely; and
- Create a disaster recovery plan to backup all data in the event of a cyber-attack or natural catastrophe.
Continually reviewing, implementing, training and updating a firm's cybersecurity program and protocols will help safeguard sensitive and confidential client information and/or data. No law firm wants to be the next data breach headline – so take the necessary steps to avoid a potential disaster.
1 Past ABA Legal Technology Surveys reported 14% in 2016, 15% in 2015, 14% in 2014 and 15% in 2013.
2 On November 1, 2018, California adopted ethics rules patterned after the ABA Model Rules of Professional Conduct.
Ivo Daniele is a seasoned associate in Newmeyer & Dillion's Walnut Creek office. His practice includes representing private and public companies with both their transactional and litigation needs. You can reach Ivo at ivo.daniele@ndlf.com.
About Newmeyer & Dillion
For almost 35 years, Newmeyer & Dillion has delivered creative and outstanding legal solutions and trial results for a wide array of clients. With over 70 attorneys practicing in all aspects of business law, privacy & data security, employment, real estate, construction, insurance law and trial work, Newmeyer & Dillion delivers legal services tailored to meet each client's needs. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer & Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Colorado Supreme Court to Hear Colorado Pool Systems, Inc. v. Scottsdale Insurance Company, et al.
October 10, 2013 —
David M. McLain — Higgins, Hopkins, McLain & Roswell, LLCThe Colorado Pool case has been featured in two past blog entries, including: “An Arapahoe County District Court Refuses to Apply HB 10-1394 Retrospectively,” which discussed the case at the trial court level, and “Colorado Court of Appeals Finds Damages to Non-Defective Property Arising From Defective Construction Covered Under Commercial General Liability Policy,” which discussed the case at the Court of Appeals level. In both instances, the courts held that retroactively applying C.R.S. C.R.S. § 13-20-808 to policies in effect prior to the date of the statute’s enactment would be impermissibly retrospective because it would change the coverage under the policy for which the parties had originally bargained.
Read the court decisionRead the full story...Reprinted courtesy of
David M. McLainDavid M. McLain can be contacted at
mclain@hhmrlaw.com
Pine River’s Two Harbors Now Targets Non-Prime Mortgages
November 05, 2014 —
Jody Shenn - BloombergCount Two Harbors Investment Corp. (TWO) among investors looking for profits in riskier home loans -- and expecting a market for bonds backed by them to re-emerge even with safer issuance showing limited signs of life.
The real-estate investment trust, whose 74 percent total return over the past three years is almost double that of peers, recently told the lenders that have been selling it big, high-quality mortgages that it’s now also seeking to purchase non-prime loans and those with low down payments, Chief Investment Officer Bill Roth said today during a conference call for analysts and investors.
“Our expectation and certainly hope would be as this market opens up and becomes fairly meaningful that a securitization market would develop,” he said. Of course, he sees the timeline as “probably measured in years, not months.”
Read the court decisionRead the full story...Reprinted courtesy of
Jody Shenn, BloombergMs. Shenn may be contacted at
jshenn@bloomberg.net
What Made the Savannah Harbor Upgrade So Complicated?
May 10, 2017 —
Jim Parsons - Engineering News-RecordOf all the East Coast port upgrade programs aimed at luring cargo traffic from the newly widened Panama Canal, the Savannah Harbor Expansion Project (SHEP) may well be the most ambitious, and complex. Elements of the joint effort by the U.S. Army Corps of Engineers’ Savannah District and the state of Georgia—originally estimated to cost $706 million, but subsequently increased to $973 million—range from 40 miles of channel dredging and new water quality mitigation facilities to the addition of an upstream fish passage and the recovery of a Civil War-era relic.
Read the court decisionRead the full story...Reprinted courtesy of
Jim Parsons, ENRENR may be contacted at
ENR.com@bnpmedia.com
3D Printing: A New Era in Concrete Construction
April 11, 2022 —
Zoey Zhao - Construction ExecutiveThe construction of buildings using concrete has been around since the time of the Romans. In all those centuries, concrete structures have been built using essentially the same method: forms, reinforcement, mixing, pouring, setting, repeat.
The process is costly and time-consuming. The construction of the forms alone demands dozens of workers and requires a substantial amount of lumber, keeping labor and materials costs high. Builders might save some time using prefabricated concrete blocks, but such materials are not appropriate for every construction project and carry their own expenses.
For the first time in history, builders have an alternative to traditional concrete construction methods that are more cost-effective, less expensive, more environmentally friendly and allow for a wide range of possible construction projects. Three-dimensional concrete printing for construction has emerged in the building field as a viable and efficient alternative.
Reprinted courtesy of
Zoey Zhao, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Read the court decisionRead the full story...Reprinted courtesy of
Ms. Zhao may be contacted at
zoey@aictbuild.com
Does the Implied Warranty of Habitability Extend to Subsequent Purchasers? Depends on the State
October 08, 2014 —
Beverley BevenFlorez-CDJ STAFFAttorneys for Traub Liberman Straus & Shrewsberry LLP (in JD Supra Business Advisor), discussed how state courts have come to different conclusions as to “whether a subsequent purchaser of a previously inhabited residence can recover contract damages from a builder or general contractor for breach of the implied warranty of habitability.”
Recently, a Pennsylvania “sided with the builder, holding that the implied warranty of habitability was grounded in contract law. Thus, the Court reasoned that an action for breach of the implied warranty of habitability required a showing of contractual privity between the parties. Because there was no contractual privity between the Conways and the builder, the Conways could not pursue an action against the builder based on a breach of the implied warranty of habitability.”
However, other state courts have made other conclusions. “Iowa permits an action for breach of the implied warranty of workmanlike construction by subsequent purchasers and does not require a showing of contractual privity. Rhode Island also does not require contractual privity, but limits liability to latent defects discovered within 10 years of construction.” Vermont and Connecticut, however, require contract privity.
Read the court decisionRead the full story...Reprinted courtesy of
Condo Building Hits Highest Share of Canada Market Since 1971
December 10, 2015 —
Theophilos Argitis – BloombergIt’s the year of the condo for Canada’s housing market.
Construction of multiple units as a share of total new housing starts is at the highest level since 1971, data from Canada Mortgage & Housing Corp. show, as builders in Toronto and Vancouver press ahead with new development.
The condo boom -- fueled in part by affordability issues in Canada’s two priciest markets -- is helping offset a slump in construction of single detached homes across the country.
Read the court decisionRead the full story...Reprinted courtesy of
Theophilos Argitis, Bloomberg
Trial Date Discussed for Las Vegas HOA Takeover Case
February 04, 2014 —
Beverley BevenFlorez-CDJ STAFFJeff German of the Las Vegas Review-Journal reported that Justice Department attorneys filed papers January 28th demanding the trial involving 11 defendants charged in a scheme to take over the Las Vegas Valley homeowners associations to be held no later than September 2nd. The prosecutors claimed “they have gone out of their way to ease the burden on the defense as they have turned over mountains of evidence in the past year.”
However, the defense attorneys allege that they need “at least a year and likely more time” to go through the “more than 3 million pages of documents” and to create a trial strategy, according to German. The defense “asked for an initial late January 2015 trial date.”
The case involves charges against “lawyers, former police officers and corrupt board members” for “packing HOA boards to gain legal and construction defect contracts for themselves.”
Read the court decisionRead the full story...Reprinted courtesy of
