Technology has forever changed the way we do business, mostly for the better. Nonetheless, despite all the convenience and efficiency that modern technology has to offer, it also opens companies up to new security threats. Cyberattacks and data security breaches can be catastrophic for law firms, making investing in security measures a top priority.
Threats to cybersecurity are constantly taking on new forms as hackers change their methods in an attempt to find new ways to access sensitive data. 2019 has already seen a number of significant cyberattacks and security breaches, which should serve as a warning for law firms who want to avoid similar incidents.
Texas Ransomware Attacks
In August 2019, 22 small Texas towns were hit with a coordinated ransomware attack. Hackers demanded digital payments from the local governments in the towns in return for unlocking computer networks. Authorities suspect that the wave of attacks came from a single source. The Texas attacks were just the latest in a series of ransomware attacks targeting local governments, with similar events happening in Baltimore and two Florida towns earlier this year. The federal government estimates that over 4,000 ransomware attacks have happened since January 1, 2016.
In July 2019, Louisiana Governor Bel Edwards declared a statewide cybersecurity emergency following a series of malware attacks directed at schools. Three school districts saw their computer systems disrupted through cyberattacks, although officials did not explain the nature of the attacks. The attacks affected schools in the Morehouse, Ouachita, and Sabine parishes. This is the second time in two years that a state has issued an emergency declaration related to cyberattacks. Colorado similarly declared a state of emergency in March 2018 after a ransomware attack targeting its transportation department.
Facebook Password Breach
Potential security breaches don’t always involve cyberattacks and hackers. In March 2019, Facebook admitted that it had stored hundreds of millions of user passwords in plain text within the social media giant’s internal servers, which would have made it possible for Facebook employees to easily read them. The company reportedly noticed the potentially disastrous situation during a routine security review in January, even though their systems were designed to encrypt the passwords. No breach resulted from the situation, but Ireland officials launched a probe to see if the incident violated the GDPR.
WhatsApp Spying Incident
In May 2019, communication company WhatsApp reported a security flaw that allowed cyberattackers to remotely spy on users with government-grade surveillance. Among those users was a human rights lawyer. After discovering the breach, WhatsApp encouraged its 1.5 billion users to install software upgrades designed to address the flaw. The cyberattackers, identified by media outlets as Israel-based NSO Group, figured out how to exploit a vulnerability in the app to read user messages and install spyware by calling users’ accounts, even if the targets did not answer. The attack was significant because the attackers were able to bypass WhatApp’s end-to-end encryption, which is designed to prevent third parties from reading user messages if they intercept them.
Labs Affected By Hacks on Vendors
Companies need to be concerned with the security of their vendors’ systems, not just their own. In June 2019, both Quest Diagnostics and LabCorp announced that American Medical Collection Agency, one of their customer billing collectors, had been breached, causing the exposure of nearly 20 million clients’ personal data, including credit card numbers, bank account information, and Social Security numbers. Even though the companies’ own networks weren’t breached, they’re facing private lawsuits and investigations by the Illinois and Connecticut attorneys’ general.
U.S. Customs Breach
Contractor-related breaches also impacted the U.S. government. In June 2019, U.S. Customs and Border Protection announced that one of its contractors exposed a database of border traveler photos by copying the images to its own network without permission. The incident affected under 100,000 people who had entered or exited the country through specific lanes at a single border crossing over a period of a month and a half, and exposed photos of those travelers and their license plates.
Exposure of Mortgage Records at First American
In May 2019, First American Title Insurance Co., one of the country’s largest title insurance companies, announced that it had inadvertently made over 885 million mortgage records available to anyone with internet access. The breach exposed sensitive mortgage deal closing documents that contained Social Security numbers, bank account numbers, and drivers’ license images. It hasn’t been confirmed whether cyberattackers actually exploited the security flaw to access the sensitive data.
Firms have every reason to fear cyberattacks, but they can easily be prevented with the right tools and precautions. Veritext Legal Solutions is a recognized industry leader in litigation solutions that incorporate today’s most cutting-edge security measures. At Veritext, we understand the threats today’s law firms are facing and we’re prepared to help firms protect against them. Contact us today to learn more about the technologies that can help you ensure your data security and prevent cyberattacks.