Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Recent Cyber Attack On Law Firms Serves As A Wake-Up Call For Professional Services Firms

Cyber criminals are becoming more sophisticated and are expanding their targets to include professional services firms that possess confidential information as illustrated by recent highly publicized cyberattacks on law firms. Data breaches not only bring unwanted media attention, but also raise concerns among clients about how vulnerable their data is in the hands of service providers. Consequently, professional services firms should continuously assess their cyber-risk exposures.


On December 25, 2016, the U.S. Attorney for the Southern District of New York filed criminal charges against three Chinese individuals for having implemented a sophisticated scheme to trade on insider information about unannounced upcoming corporate transactions involving publicly traded companies[1].

The scheme involved gaining access to the email servers of at least two prominent New York law firms through the use of malware. Once inside the firms’ systems, the hackers stole copious amounts of data from the emails of several partners, containing details of unannounced M&A deals. Armed with this confidential information, the defendants traded in the stock of the companies involved and racked up at least $4 million in illicit trading profits. The transactions at the heart of the allegations include notable acquisitions involving Intel, Pitney Bowes and others.

The breach involved in this case will not be the last time the computer networks of professional services firms, large and small alike, are exploited by domestic or international criminals, as the legal industry has already learned with such stories as the “Panama Papers” breach in early 2016.


It should not surprise accountants, investment bankers, lawyers and other professionals that they are prime targets for cyber criminals. This is especially true for those who are involved in transactions the details of which are easily monetized, such as through illegal trading. Nevertheless, cybersecurity practices at professional services firms tend to be weak. The consequences of a data breach for professional services firms can be devastating, in terms of the damage a breach can cause to their clients’ businesses, and the reputational and public relations impact on the firm itself. For example, a professional services firm that has suffered a data breach may face potential legal liability to its clients, and may have violated applicable ethical rules. A class action complaint recently unsealed in Illinois accuses Chicago-based law firm Johnson & Bell of inadequate security protections for client data, even though there is no allegation that any data was actually stolen.

Additionally, as the U.S. legal and regulatory landscape evolves, professionals might find that they have violated a variety of federal and state statutes, that require businesses to exercise due care in protecting their clients’ private data from cyberattacks.


Consequently it is becoming increasingly clear that law firms, accounting firms and other professional services firms can no longer wait to assess and address the cyber risks they face. Professional services firms should implement measures, both institutionally and technologically, to mitigate these risks. Best practices are beginning to emerge, including those enunciated by the Center for Internet Security, and the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework. The California Attorney General has said that “the 20 controls in the Center for Internet Security’s Critical Security Controls identify a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.” Every professional firm needs to review and implement those controls.

For more information on the topic discussed, contact Andre R. Jaglom at jaglom@thsh.com, David R. Lallouz at lallouz@thsh.com, Michael Riela at riela@thsh.com, or any other member of the Firm’s Cybersecurity and Data Privacy Practice. For more information on Tannenbaum Helpern’s Cybersecurity and Data Practice’s capabilities, visit us at www.thsh.com.

[1] The U.S. Department of Justice’s press release is available at https://www.justice.gov/opa/pr/manhattan-us-attorney-announces-arrest-macau-resident-and-unsealing-charges-against-three.

About Tannenbaum Helpern Syracuse & Hirschtritt LLP

Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined a powerful mix of insight, creativity, industry knowledge, senior talent and transaction expertise to successfully guide clients through periods of challenge and opportunity. Our mission is to deliver the highest quality legal services in a practical and efficient manner, bringing to bear the judgment, common sense and expertise of well trained, business minded lawyers. Through our commitment to service and successful results, Tannenbaum Helpern continues to earn the loyalty of our clients and a reputation for excellence. For more information, visit www.thsh.com. Follow us on LinkedIn and Twitter: @THSHLAW.

Business Litigation Bulletin
Employment Notes
Note from the Real Estate Group
THSH E-Alert
Other Publications
Inclement Weather Policy
Other Publications Archive
President Obama Seeks to Broaden Overtime Protections for Employees
Privacy regulation in the United States
The Broad Scope of Franchise Laws: Traps for the Distribution Contract Drafter
Managing Distribution: How to Develop a Corporate Legal Compliance Program
Internet Distribution, E-Commerce and Other Computer Related Issues
Distribution Contracts
What Impact Will FATCA Have on Offshore Hedge Funds and How Should Such Funds Prepare for FATCA Compliance?
The American Taxpayer Relief Act of 2012: What It Means to You
Privilege and the In-House Counsel: Protecting Your Communications Through Proper Registration and Careful Understanding
Are your digital communications protected by attorney-client privilege and what if privileged information is disclosed?
THSH Private Equity Roundtable Summary
Post Grant Review Under the America Invents Act
Bench-Bar Conversation with Justice Carolyn E. Demarest
Proposed Changes Set to Alter Estate and Gift Tax Structure in New York: Time to Make a Gift?
New York City Paid Sick Leave – What Staffing Firms Need to Know
New York State Estate and Gift Tax: The Hidden Costs of Tax Reform
Assessing Never-Examined SEC-Registered Investment Advisers: An SEC NEP Priority
Changes to NY Minimum Wage
NLRB Strikes Again
Bench-Bar Conversations with Justice Elizabeth Emerson
Attorney Professionalism Forum: What should an attorney do when the client wants to present false information and what happens
Reducing the risk of violating competition law
NY Rings in 2015 with a Minimum Wage Increase
Distribution & Agency 2015 - Q&A on the distribution of goods and services in 17 jurisdictions worldwide
Fair Chance Act
Sales Taxes on Construction Projects
Forget Big Brother, What Happens When it’s Opposing Counsel is Doing the Recording?
E-Discovery Identification & Preservation Guide For Lawyers (Version 2.0)
On the Horizon: What to do before selling your staffing business
Striking the Right Encryption Balance after FBI, Apple Fracas
Delaware Court Reiterates Need for Unambiguous Non-Reliance Provisions in M&A Agreements
Finalizing a Divorce? Wait, Just One More Thing …
IRS Proposed Changes to IRC 2704 Affect Business Succession and Estate Planning Valuation Discounts
Trump and the Estate Tax: What We Know
Actual-Intent Fraudulent Transfers and the Crime/Fraud Exception
Proposed NYS DFS Cybersecurity Regulations to Significantly Impact FS Companies
New Guidance for Human Resource Professionals to Avoid Antitrust Violations
Merger and Scènes à Faire: Two Defenses to Substantial Similarity in Copyright Litigation
What’s New in the Revised New York State Proposed Cybersecurity Regulation?
The Law of Insider Trading: A Primer For Investment Managers
Recent Cyber Attack On Law Firms Serves As A Wake-Up Call For Professional Services Firms
The Ambac Decision and the Future of the Common Interest Privilege Under the New York Law
Overview of Data Privacy and Cybersecurity Regulatory Landscape for Investment Advisers and Other Financial Services Companies
Global Ransomware Attack: Basic Security Measures Every Business Should Adopt
Distribution & Agency 2017- Q&A on the distribution of goods and services in 17 jurisdictions worldwide
New Copyright of Resource: Copyright Protection
Attorney Professionalism Forum: Using Per Diem Attorneys Plus An Addendum To The June Forum On Cybersecurity Ethics
Congressional Republicans Propose Sweeping Tax Reform
Attorney Professionalism Forum: Attorney-Client Confidentiality vs. the Customs Agent: Who Wins?
Attorney Professionalism Forum: Confidentiality Issues When Clients Don’t Tell The Truth
Rules for Equity Crowdfunding Effective May 16, 2016
Estate Planning Under Comprehensive Tax Reform
Attorney Professionalism Forum: Attorney Websites, Branding and Using Social Media
Attorney Professionalism Forum: Attorney Advertising And Self Promotion
NY Appellate Court Shifts Balance of Power in Commercial Real Estate Leases: Upholds Yellowstone Injunction Waiver
Recent Developments in Neighbor Litigation
Attorney Professionalism Forum: Communicating With Clients With Diminished Capacity
Attorney Professionalism Forum: Litigation Financing
Groundbreaking bipartisan Congressional Legislation could pave the way to fully legalized Marijuana
Conditions Precedents in Construction Contracts
Distribution & Agency 2018 - Q&A on the distribution of goods and services in 18 jurisdictions worldwide
Data Privacy Alert: California Consumer Privacy Act of 2018 Just Enacted
Attorney Professionalism Forum: Litigation Financing Confidentiality and Marijuana Ethics For Lawyers
U.S. Markets See First Cannabis IPO
NYS Department of Financial Services Issues Guidance to Banks on Servicing the Marijuana Industry
THSH Cyber Alert: GoDaddy the latest to leave S3 Bucket Unsecured
Legalized Adult-Use Marijuana Coming to New York?
NYS and NYC Sexual Harassment Prevention Laws
Are Your Website and Privacy Policy GDPR Compliant?
Attorney Professionalism Forum: Ethics and Best Practices For Law School Clinics
Beware of the AIA Form of Performance Bond
Attorney Professionalism Forum: Referral Fees and Using a Client as an Expert
Anecdotes from World’s Largest B2B Cannabis Conference
Attorney Professionalism Forum: Restrictive Covenants In Agreements Employing Lawyers
Turndown Service with that Hack: Marriott Hotels Announce Massive Data Breach
Attorney Professionalism Forum: Handling Confidential Client Information
Groundbreaking 2018 Farm Bill Portends Huge Changes to U.S. Cannabis and Hemp Industries
Attorney Professionalism Forum: The Challenges of Litigating Against Pro Se Parties
Articles By Topic
Cyber & Privacy Alert
New York Law Journal
Attorney Professionalism Forum
Join Our Mailing List
Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap |Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.