Law Firm Credentials for Sale on the Dark Web: Understanding Your Cybersecurity Vulnerabilities

Bennett Jones LLP

Law firms are being vigorously attacked by hackers. This is unsurprising given that law firms are repositories of incredibly valuable and commercially sensitive information about their clients and maintain large sums of money in their trust accounts.

Lawyers should be paying particular attention to a white paper published yesterday from RepKnight. The cybersecurity company searched the Dark Web and found over a million leaked and hacked credentials from top law firms in the United Kingdom. These firms may now be vulnerable to the theft of highly sensitive information as well as other cyberattacks—chances are good some of them have already been compromised.

RepKnight searched for 500 different UK law firms on the Dark Web, including ‘magic circle’ firms and global firms with UK offices. They found compromised credentials from every single one of those firms, more than half of which had been posted within the last six months.

When hackers obtain passwords as well as email addresses, they can use bots to launch ‘credential stuffing’ attacks, in which the same login information is attempted on multiple sites. Because people commonly reuse the same password across different sites, this can result in breaches across multiple networks. The leaked information also puts employees at risk of identity fraud and ‘spear phishing’ attacks, where information is used to specifically target an individual. LawPRO has reported on spear phishing attacks across Ontario over the past few years.

RepKnight reports that most of the compromised information did not come from direct attacks, but rather resulted from breaches at third-party websites where law firm employees had registered using their work email addresses. Third-party service providers are a very common weak point for cyberattacks at organizations of all sizes.

Keeping client information confidential is one of the most important responsibilities of law firms. It is both a professional obligation and a key component of maintaining a firm’s reputation. Law firms which do not protect client data and their accounts may be at significant risk of breaching their fiduciary obligations, damaging their reputation, and losing money.

Sole practitioners and law firms both large and small must take steps to identify their cybersecurity risks and implement a plan to address these risks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bennett Jones LLP | Attorney Advertising
