Get access to the exclusive HR Resources you need to succeed in 2018!
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Experts worldwide are calling the data breach surrounding the so-called Panama Papers—more than 11.5 million documents detailing how hundreds of wealthy people hid money in offshore banks and investments to avoid paying taxes—the biggest data breach in history.
It’s a stark lesson for HR and IT professionals working in law firms about keeping data more secure.
Panamanian law firm Mossack Fonseca suffered a data breach of astronomical proportions when a hacker broke into the firm’s servers, stole millions of e-mails and PDFs, and then sent them to the press, the law firm has announced.
The papers reveal how tens of thousands of people, including high-ranking politicians, their families, celebrities and wealthy citizens of more than 40 countries, hid trillions of dollars in order to avoid paying taxes.
Fallout over the Panama Papers has been swift. After numerous protests, Iceland Prime Minister Sigmundur David Gunnlaugsson reportedly stepped down after the papers revealed he lied about hiding millions in an offshore company.
No one knows who stole the documents. The person who hacked into Mossack’s servers and released the information has remained anonymous. The law firm says it was an external hack.
“We rule out an inside job. This is not a leak,” Ramon Fonseca, one of the firm’s founding partners, told Reuters news service. “This is a hack.”
German newspaper Süddeutsche Zeitung spoke to the hacker. It writes that “the source wanted neither financial compensation nor anything else in return, apart from a few security measures” to protect how he or she revealed the information—including communicating with the press via encrypted messages.
HR and IT professionals who work at law firms must be especially cautious about protecting client data.
Last year, the American Bar Association reported in its Legal Technology Survey that 1 in 4 firms with at least 100 attorneys have experienced a data breach. The breaches were blamed on hackers, website attacks, or stolen or lost smartphones or computers. Last week, cyberthieves broke into two New York law firms that represent Fortune 500 companies and banks on Wall Street. U.S. federal investigators are examining the data breaches at Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP.
It is unclear what was taken in those breaches.
“Law firms represent a lucrative cache of data that makes them incredibly attractive to cybercriminals,” Mark Sangster, vice president and industry security strategist at Canadian-based computer security company eSentire, told SHRM Online.
“There are some law firms with excellent automated and adaptive cyber defense capabilities, but many are stuck in the dark ages of wigs, candles to read by and quill pens to write with,” Phillip Lieberman, president of Los Angeles-based Lieberman Software, told American Lawyer.
Law firms need to do a better job with security, experts said.
“Until now, the legal industry has generally operated within a loose set of cybersecurity guidelines,” Sangster noted. “However, quickly, we expect to see hard-line compliance rules and fines come to firms with substandard cybersecurity defenses in the future.”
In some cases, it’s already beginning. Just last year, SHRM Online reported that the Federal Trade Commission can sue companies that experience data breaches.
“Long story short, if you want to keep something confidential, don’t put it on a computer, specifically one connected to the Internet,” Dodi Glenn, vice president of cyber security at PC Pitstop, told SHRM Online. His Sioux City, Iowa-based company develops security software.
“The very second you do that, you can assume the data can be purloined.”
Aliah D. Wright is an online editor/manager for SHRM. Follow her on Twitter @1SHRMScribe or Facebook.com/aliahwrites.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
SHRM Member Discounts Program
SHRM’s HR Vendor Directory contains over 3,200 companies