Justin Henry reports:
By exploiting a vulnerability in a widely used file transfer application, hackers were able to access the internal information of several large organizations, including three Am Law 50 law firms, highlighting the vulnerability of widespread use of one third-party application.
The incident has observers wondering: If some of the largest and most profitable law firms, like Kirkland & Ellis, K&L Gates and Proskauer Rose can’t protect their data from bad actors online, what does that say for the rest of the industry?
“It proves that nobody is immune,” said Zach Olsen, president of communications firm Infinite Global. “If they have any blind spots at all in their vendor relationships, or if people aren’t trained to manage spam and phishing attacks, you can spend all the money in the world trying to prevent this stuff from happening, but it’s not usually the fault of the victims.”
Read more at Law.com.
So maybe law firms should stop suing non-law firms over data breaches claiming negligence because it’s not usually the fault of the victims”? Do law firms that don’t want to get bad press from their own data breaches want to sit down and have a long think about all the data breach litigation that has become a cottage industry in recent years?