Which BigLaw firms were targets in cyberattacks? Internal Citigroup report lists two of them
Large law firms are at “high risk for cyberintrusions,” according to an internal report by Citigroup’s cyberintelligence center that called for public disclosure of security breaches by law firms.
The report, obtained by the New York Times DealBook blog, said law firms would “continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications.”
The report cited two instances of cyberattacks involving BigLaw; there was no indication in either instance that the firms’ security systems had been breached, DealBook says in its story. Security consulting firm iSight Partners was the source of the information on the law firm attacks, the report said.
In one hacker attack in 2012, Fried Frank’s website was infected with malware that could be transferred to site visitors, the report said. The website was hosted by an outside vendor and contained no confidential information, according to a statement by Steve Lewis, director of information systems at Fried Frank.
The statement said Fried Frank’s data network had “never been breached and client information has never been compromised,” DealBook reports.
In another instance, phishing emails apparently launched by Chinese-based hackers used the name of Covington & Burling.
Two smaller law firms were also hacked, the report said. One was targeted in 2012 for its representation of a U.S. soldier accused in the deaths of Iraqi civilians. Another was hacked in 2010 because it had filed a software piracy suit against the Chinese government.
Citigroup spokeswoman Danielle Romero-Apsilos told DealBook the internal report relied on previously published information. “We have apologized to several of the parties mentioned for not giving them an opportunity to respond prior to its publication in light of the sensitive nature of the events described,” Romero-Apsilos said.
