BigLaw firm acknowledges cyberattack on vendor left its data exposed
Image from Shutterstock.
Proskauer Rose has said it is investigating an incident in which its data was exposed on a cloud-based platform.
Proskauer issued a statement Friday in response to a report by TechCrunch that information from its mergers and acquisitions practice was left on an unsecured cloud server for more than six months, report Law360 and Bloomberg Law.
“Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” the statement said.
Proskauer said the data was exposed in a cyberattack, and it resolved the problem two weeks ago. The law firm did not identify the type of data that was exposed.
“Our IT security team immediately took steps to reconfigure the site and secure its data,” the statement said. “This is an ongoing investigation and we have been urgently working with in-house and third-party cybersecurity experts to confirm our current understanding of the facts.”
Proskauer said it would “communicate promptly with all affected parties as soon as we gain sufficient information to responsibly do so.”
“We take the protection of our data incredibly seriously and take aggressive steps to monitor and protect against any unauthorized access or use of that data,” the statement said.
Some BigLaw firms are facing legal issues as a result of exposed data, according to Law360 and Bloomberg Law.
The U.S. Securities and Exchange Commission sued Covington & Burling in January to obtain the names of 298 publicly traded clients affected by a 2020 cyberattack.
Meanwhile, two proposed class actions were filed in March against Smith, Gambrell & Russell over a July 2021 cybersecurity breach. The suits allege that the firm failed to safeguard client information and waited too long to disclose a hack of its cloud-based database.