6 major law firm hacks in recent history

  • Print


Law firms have been victims of some of the most damaging hacks in recent history. Here’s a list of the major law firm hacks in the past five years:

1. Panama City

Panama Papers—More than 11.5 million documents from the Panama-based law firm Mossack Fonseca were leaked to the public.

The information leaked was 2.6 terabytes of data, which is more than the contents of the Edward Snowden National Security Agency leaks and the 2010 WikiLeaks documents combined.

The International Consortium of Investigative Journalists combed through hundreds of thousands of documents to reveal the law firm’s involvement in helping to create more than 200,000 shell corporations for tax evasion purposes.

The fallout has been substantial. Iceland Prime Minister Sigmundur David Gunnlaugsson resigned after accusations of fraud, and Jose Manuel Soria, the minister of industry for Spain, also resigned after information came out about his family’s offshore accounts. Uruguay also arrested five people for money laundering associated with Mexican drug cartels.

Read the main bar: Law firms must manage cybersecurity risks

2. New York City

Cravath/Weil—On March 29, 2016, the Wall Street Journal reported that hackers had broken into the files of some of the biggest law firms in an insider-trading scheme that involved planned mergers.

Although the Manhattan U.S. attorney’s press release didn’t name the firms, news media matched details in the release to law firms that represented parties in the mergers and named Cravath, Swaine & Moore and Weil Gotshal & Manges as being victims of the hack.

The press release linked the hacks to three foreign nationals who used information stolen from the firms for insider trading, gaining more than $4 million.

3. Worldwide

Oleras—In February 2016, an alert went out to 46 law firms in the United States and two law firms in the U.K. that Ukraine-based hacker Oleras was advertising phishing services on a Russian website. According to the Wall Street Journal, this was related to the March 2016 breaches of major law firms.

4. London

Thirty Nine Essex Street—On Feb. 24 and 26, 2014, the U.K. firm Thirty Nine Essex Street was cyber-attacked. Booz Allen Hamilton, a technology consulting firm, reported that the attack was most likely from the Russian state-sponsored group Energetic Bear. This group is linked to hacking utility companies in the United States and Europe in 2014.

5. Toronto

Trust Account—In December 2012, a Toronto-based law firm was hit with a computer virus, which stole a six-figure amount from the firm’s trust account. The hackers installed a Trojan horse virus to get access to passwords to the firm’s bank accounts.

6. Washington, D.C.

Wiley Rein—Also in 2012, Wiley Rein, one of the largest law firms in Washington, D.C., was hacked, most likely by Chinese state-sponsored operatives. According to Bloomberg News, the hackers wanted information related to SolarWorld, the German-based manufacturer that produces solar panels. SolarWorld’s computers were hacked at about the same time.

This article originally appeared in the March 2017 issue of the ABA Journal with this headline: “A History of Hacking.”

Give us feedback, share a story tip or update, or report an error.