Login | April 26, 2024
Cadwallader hit with class action suit over data breach; ABA hacked
RICHARD WEINER
Technology for Lawyers
Published: May 26, 2023
Are you absolutely sure that your firm’s client data is secure from a cyberattack? Because even the big boys are getting hacked.
Cadwallader Wickersham and Taft, New York City’s oldest law firm with over 400 attorneys in four offices, has been hit with a proposed class action lawsuit over a 2022 data breach. The lawsuit was first reported by the Bressler Risk Blog.
The suit, filed by Painesville, Ohio attorney Patrick Perotti in the Southern District of New York, alleges that the law firm “failed to prevent the data breach because it did not adhere to commonly accepted security standards and failed to detect that its databases were subject to a security breach.”
Perotti’s suit alleges that upwards of 93,000 people “had identifying information compromised and are at risk…”.
The attack happened on November 15 and 16, 2022, and reportedly affected the firm’s operations for weeks thereafter in addition to allegedly compromising client data. According to media reports, the firm had to wipe data from its laptops and forced some of its internal systems offline. The firm’s internal document management system stayed offline for weeks, according to reports, and only came back up after a work-around whose functionality was less than the original system’s and which did not include access to Microsoft Word. Some of that reporting has been disputed by the firm.
Nevertheless, pretty cool to see a local kid go after such a big target, isn’t it?
ABA hacked
The American Bar Association suffered a data breach on March 17, 2023 which affected the online credentials of almost 1.5 million members.
As far as anyone can tell, apparently, no member data was compromised or stolen and there was no ransomware. But there is concern that legacy credentials could still be abused—because, you know, you still use your passwords from ten years ago, right?
So here is another warning for you to change your passwords and sign-in credentials regularly. And also to not have your 10-year-old ABA passwords be the same as your current online banking passwords.