More than 100 law firms have reported data breaches; 2 BigLaw firms affected

  • Print.

data breach

Image from

More than 100 law firms have reported data breaches to authorities in 14 states since 2014, according to an analysis by

Two of the largest law firms reporting breaches were Jenner & Block and Proskauer Rose, reports. The publication obtained information for its article through public records requests.

Many of the breaches were attributed to phishing attacks, hacking and vendor security lapses.

Jenner and Proskauer reported they were victimized by what appeared to be legitimate requests for W-2 forms.

Jenner & Block reported that employees’ W-2 forms were “mistakenly transmitted to an unauthorized recipient” in 2017 based on what appeared to be a legitimate management request. The phishing incident may have exposed Social Security numbers, salaries and other personal information for 859 people, the law firm told New York authorities.

Jenner told it complied with legal and reporting requirements in connection with the incident and it provided assistance to affected personnel.

Proskauer also reported a breach of W-2 information in 2016 when a payroll employee responded to what was believed to be an email request from a senior executive. More than 1,500 people were affected, Proskauer told New York authorities. Proskauer said it was taking steps to make sure such an incident could not happen again.

Three other law firms—Harris Beach, McGlinchey Stafford and Sanford Heisler Sharp—reported unauthorized access to email accounts.

About 20 states do not require reporting to state officials in the event of a breach, according to another story. Some other states only require reporting for data breaches above a certain threshold.

Give us feedback, share a story tip or update, or report an error.