Panama Papers: What Data Breach Means for Law Firms

Aliah D. Wright By Aliah D. Wright April 7, 2016

Experts worldwide are calling the data breach surrounding the so-called Panama Papers—more than 11.5 million documents detailing how hundreds of wealthy people hid money in offshore banks and investments to avoid paying taxes—the biggest data breach in history.

It’s a stark lesson for HR and IT professionals working in law firms about keeping data more secure.

Panamanian law firm Mossack Fonseca suffered a data breach of astronomical proportions when a hacker broke into the firm’s servers, stole millions of e-mails and PDFs, and then sent them to the press, the law firm has announced.

The papers reveal how tens of thousands of people, including high-ranking politicians, their families, celebrities and wealthy citizens of more than 40 countries, hid trillions of dollars in order to avoid paying taxes.

Hack Consequences

Fallout over the Panama Papers has been swift. After numerous protests, Iceland Prime Minister Sigmundur David Gunnlaugsson reportedly stepped down after the papers revealed he lied about hiding millions in an offshore company.

No one knows who stole the documents. The person who hacked into Mossack’s servers and released the information has remained anonymous. The law firm says it was an external hack.

“We rule out an inside job. This is not a leak,” Ramon Fonseca, one of the firm’s founding partners, told Reuters news service. “This is a hack.”

German newspaper Süddeutsche Zeitung spoke to the hacker. It writes that “the source wanted neither financial compensation nor anything else in return, apart from a few security measures” to protect how he or she revealed the information—including communicating with the press via encrypted messages.

HR Implications

HR and IT professionals who work at law firms must be especially cautious about protecting client data.

Last year, the American Bar Association reported in its Legal Technology Survey that 1 in 4 firms with at least 100 attorneys have experienced a data breach. The breaches were blamed on hackers, website attacks, or stolen or lost smartphones or computers. Last week, cyberthieves broke into two New York law firms that represent Fortune 500 companies and banks on Wall Street. U.S. federal investigators are examining the data breaches at Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP.

It is unclear what was taken in those breaches.

“Law firms represent a lucrative cache of data that makes them incredibly attractive to cybercriminals,” Mark Sangster, vice president and industry security strategist at Canadian-based computer security company eSentire, told SHRM Online.

“There are some law firms with excellent automated and adaptive cyber defense capabilities, but many are stuck in the dark ages of wigs, candles to read by and quill pens to write with,” Phillip Lieberman, president of Los Angeles-based Lieberman Software, told American Lawyer.

Law firms need to do a better job with security, experts said.

“Until now, the legal industry has generally operated within a loose set of cybersecurity guidelines,” Sangster noted. “However, quickly, we expect to see hard-line compliance rules and fines come to firms with substandard cybersecurity defenses in the future.”

In some cases, it’s already beginning. Just last year, SHRM Online reported that the Federal Trade Commission can sue companies that experience data breaches.

“Long story short, if you want to keep something confidential, don’t put it on a computer, specifically one connected to the Internet,” Dodi Glenn, vice president of cyber security at PC Pitstop, told SHRM Online. His Sioux City, Iowa-based company develops security software.

“The very second you do that, you can assume the data can be purloined.”

Aliah D. Wright is an online editor/manager for SHRM. Follow her on Twitter @1SHRMScribe or


Job Finder

Find an HR Job Near You
Search Jobs

Are you a department of one?

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.

Expand your toolbox with the tools and techniques needed to fix your organization’s unique needs.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.