Bradford Bleier, a unit chief in the Cyber Division of the FBI, offered up the obvious in November 2011 at the 19th Annual Review of the Field of National Security Law: “Law firms have tremendous concentrations of really critical private information” and breaking into a firm’s network “is a really optimal way to obtain economic and personal security information.”
Yet, despite this attraction, law-firm data breaches rarely hit the papers. Thankfully for law firms, it seems that low-hanging fruit with larger stores of data have taken the attention of criminals — leaving only sporadic reported incidents such as the cyber attacks against Gipson Hoffman & Pancione in Los Angeles after the law firm represented software maker CYBERsitter, LLC, in a $2.2 billion software piracy action filed against the People’s Republic of China and seven major computer manufacturers. It may be that law firms are less focused on data security than financial institutions and health-care organizations, which routinely report breaches, and, as a result, law-firm breaches may go undetected. Those breaches that are discovered, however, may not require disclosure if the exposed information is not the type that triggers notification obligations under the statutes.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
