Proskauer Cyber Attack Left Sensitive Client Data Unguarded
Proskauer Cyber Attack Left Sensitive Client Data Unguarded (1)
Mahira Dayal
Correspondent
Attack on law firm’s cloud storage system compromised data
Covington firm faces heat from SEC over client data breach
A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday.
“Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a Proskauer spokeswoman, said via email.
The breach, which the firm called the result of a cyber attack, was first reported by TechCrunch. Data containing financial and legal documents, contracts, non-disclosure agreements and financial deals were released in the leak, according to the report.
Proskauer declined to specify the nature of the data or how long it was exposed.
Southern said the breach stemmed from an attack against the firm’s cloud storage system. The firm resolved the threat two weeks ago and secured the data with an additional firewall, she said.
“Our IT security team immediately took steps to reconfigure the site and secure its data,” Southern said. “This is an ongoing investigation and we have been urgently working with in-house and third-party cybersecurity experts to confirm our current understanding of the facts.”
Proskauer is a go-to legal adviser for sports clients, including Major League Baseball, the National Basketball Association, Major League Soccer and others. It also represents banks, like Morgan Stanley, and has advised on deals involving JPMorgan Chase & Co.
“We will communicate promptly with all affected parties as soon as we gain sufficient information to responsibly do so,” Southern said.
The impact of the attack will depend on the types of data leaked, said Mike Hamilton, founder of cybersecurity firm Critical Insight. Contracts, for example, may not concern a firm’s clients as much as an intellectual property leak.
“Personally identifiable or privacy related information today scales to a whole different set of problems,” Hamilton said.
A cyberattack at Washington-based Covington & Burling has sparked an ongoing fight between the firm and the Securities and Exchange Commission. The agency is trying to force Covington to disclose the names of clients that may have been impacted by the 2020 data breach.
Several major firms have backed Covington, which faces a lawsuit from the SEC. They say a ruling for the SEC could weaken attorney-client confidences.
(Updated with comments from Hamilton in 9th and 10th paragraphs.)
To contact the reporter on this story: Mahira Dayal in New York at [email protected]
To contact the editors responsible for this story: Chris Opfer at [email protected]; John Hughes at [email protected]
Mahira Dayal
Correspondent
Attack on law firm’s cloud storage system compromised data
Covington firm faces heat from SEC over client data breach
A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday.
“Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a Proskauer spokeswoman, said via email.
The breach, which the firm called the result of a cyber attack, was first reported by TechCrunch. Data containing financial and legal documents, contracts, non-disclosure agreements and financial deals were released in the leak, according to the report.
Proskauer declined to specify the nature of the data or how long it was exposed.
Southern said the breach stemmed from an attack against the firm’s cloud storage system. The firm resolved the threat two weeks ago and secured the data with an additional firewall, she said.
“Our IT security team immediately took steps to reconfigure the site and secure its data,” Southern said. “This is an ongoing investigation and we have been urgently working with in-house and third-party cybersecurity experts to confirm our current understanding of the facts.”
Proskauer is a go-to legal adviser for sports clients, including Major League Baseball, the National Basketball Association, Major League Soccer and others. It also represents banks, like Morgan Stanley, and has advised on deals involving JPMorgan Chase & Co.
“We will communicate promptly with all affected parties as soon as we gain sufficient information to responsibly do so,” Southern said.
The impact of the attack will depend on the types of data leaked, said Mike Hamilton, founder of cybersecurity firm Critical Insight. Contracts, for example, may not concern a firm’s clients as much as an intellectual property leak.
“Personally identifiable or privacy related information today scales to a whole different set of problems,” Hamilton said.
A cyberattack at Washington-based Covington & Burling has sparked an ongoing fight between the firm and the Securities and Exchange Commission. The agency is trying to force Covington to disclose the names of clients that may have been impacted by the 2020 data breach.
Several major firms have backed Covington, which faces a lawsuit from the SEC. They say a ruling for the SEC could weaken attorney-client confidences.
(Updated with comments from Hamilton in 9th and 10th paragraphs.)
To contact the reporter on this story: Mahira Dayal in New York at [email protected]
To contact the editors responsible for this story: Chris Opfer at [email protected]; John Hughes at [email protected]
