Law firms targeted in top 10 worst cyber attacks

Cyber attacks that targeted major Canadian law firms are among the top 10 worst security breaches in North America, according to a list compiled by virtual data room provider Firmex.

The list, which includes Google and Dallas marketing firm Epsilon, cites a total of 11 unnamed Canadian law firms among companies across the continent that suffered major cyber break-and-enters, potentially revealing sensitive client information to hackers.

In one 2010 security breach involving a takeover deal between BHP Billiton and Potash Corp, “hackers rifled through the networks of seven law firms looking for confidential information pertaining to the proposed $38 billion bid,” says Firmex.

The incident was blamed on China’s state-owned Sinochem Group, which allegedly feared BHP’s takeover of Potash Corp would lead to a global control over supply of potash and sought to disrupt the bid, according to Fermex.

Attacks against law firms are becoming more targeted, says Debbie Stephenson, who researched security breaches to compile the list.

“Hackers are seeing if they can get backdoor entry to law firms, they can get access to a lot of client information,” she says. “They’re becoming smarter.”

In another attack in April 2011, which Firmex calls “one of the most devious,” four Canadian law firms were targeted by hackers attempting to access sensitive documents by posing as partners who were working on an acquisition of a Chinese company, says Stephenson.

Lawyers “received e-mails that appeared to be from a partner working on the deal,” the Firmex list explains. “The e-mails were fake and included attachments that contained malware, which when opened successfully infected dozens of computers.”

It’s unclear if confidential documents were actually leaked through the espionage, but the fact that hackers can gain access to law firm computers is troubling, says Stephenson.

While not on Stephenson’s list, last December a Toronto-area law firm lost “a large six figure” amount after a virus gave hackers backdoor access to its bookkeeper’s computer, according to LawPRO. The virus copied bank account passwords as she typed them. 

Law firms are “somewhat lagging in security,” she adds. “They’re playing catch-up with these advanced techniques.” l

Some law firms have banned use of personal e-mail at work to reduce risks and others outlawed use of document sharing products like Dropbox, which lack advanced encryption features.

“It’s just important to note that [cyber attack] is on the rise,” says Stephenson. “It is the new crime wave in the millennium and it’s something that we’re really not prepared for.”

Free newsletter

The Canadian Legal Newswire is a FREE weekly newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered every two weeks, providing targeted news and information of interest to in-house counsel.

Please complete the form below to receive the weekly Canadian Legal Newswire and/or the Canadian Inhouse Legal Newswire.

Recent articles & video

PwC powers-up legal services with AI platform

Law careers may start on Instagram…

Top Intellectual Property and Labour and Employment Boutiques survey closes on Friday

Differentiating common law from marriage in family law

Insights on Quebec’s plan to restrict the sale of cannabis edibles

Make legal aid an election issue

Most Read Articles

True North and Rebel News seek judicial review on press accreditation denial for debates

Millennial lawyers look for the value proposition

EY Law overtakes PwC in global alternative legal services rankings

Convicted person has right to lesser of two punishments existing at time of commission or sentencing