In a troubling cybersecurity incident, Quinn Emanuel Urquhart & Sullivan, a renowned U.S. law firm, disclosed that a third-party vendor responsible for electronic discovery services suffered a ransomware attack.
The attack, which took place in May 2022, may have exposed client information stored within the vendor’s network. Fortunately, the law firm confirmed that its own network infrastructure remained unaffected by the breach.
However, the incident raises serious concerns about the security of sensitive data held by legal service providers, especially after other prominent law firms like Jones Day and Goodwin Procter faced similar breaches through third-party vendors like Accellion in 2021.
Quinn Emanuel Urquhart & Sullivan, boasting a vast team of over 1,000 lawyers, promptly notified fewer than 2,000 individuals of the potential data exposure. The law firm has engaged cyber and forensic experts to investigate the scope of the breach and collaborated with law enforcement authorities to prevent further breaches and recover any compromised electronic discovery material.
Nonetheless, the incident underscores the increasing threats that legal service providers face from cyberattacks, putting both their clients’ information and their own business data at risk.
This incident is part of a disturbing trend involving third-party vendors in the legal sector. Other law firms, including Orrick, Herrington & Sutcliffe; Cadwalader, Wickersham & Taft; Loeb & Loeb; and Gibson, Dunn & Crutcher, have also reported cybersecurity incidents to the California attorney general in 2022 or 2023. In addition, Bryan Cave Leighton Paisner, another law firm, recently experienced a data breach that impacted its client Mondelez International.
The unauthorized access to BCLP’s systems during February and March 2023 resulted in at least two lawsuits against the company. With the growing risk of such attacks, legal service providers are facing mounting pressure to bolster their cybersecurity measures and safeguard their clients’ confidential information effectively.
