John Hyde reports:
A Hampshire law firm has been reprimanded by the data watchdog after hackers were able to access client details because of insufficient security measures.
Levales Solicitors LLP, which specialised in criminal and military law, was found by the Information Commissioner’s Office to have failed to ensure the confidentiality of its processing systems.
An ‘unknown actor’ had accessed the firm’s secure cloud-based server and later published the data on the dark web. The material stolen included names, addresses, national insurance numbers, prisoner numbers and health status of clients.
In total, 8,234 UK data subjects were affected. Of these, 863 were deemed to be at ‘high-risk’ of harm or detriment due to the special category of data including data pertaining to ‘homicide, terrorism, sexual offences, offences involving children or particularly vulnerable adults’.
Read more at The Law Society Gazette.
How many U.S. law firms have been compromised in the past five years because they had inadequate data security? Have any of them received even a reprimand from any regulator for not having MFA or for not having even reviewed their security measures with their IT vendor for years?
Happy Canadian Thanksgiving :’)
Thank you! You, too!