X
    Categories: Biglaw

Bryan Cave Cyberattack Exposes Client Mondelez’s Data in Security Breach

Bryan Cave Leighton Paisner (BCLP), a prominent Big Law firm, has become the latest victim of a cyber breach that compromised sensitive client data. This breach resulted in the exposure of personal information belonging to over 50,000 current and former employees of Mondelēz International, the renowned snack food company behind popular brands like Oreo cookies and Ritz crackers.

In late February, BCLP discovered it had fallen victim to a hacking incident, affecting certain client files. The breach was subsequently reported to law enforcement, and the firm initiated a thorough investigation in collaboration with an external cybersecurity forensics firm. The breach included the theft of employee data such as dates of birth, Social Security numbers, and home addresses, as revealed in a notice sent by Mondelēz to affected employees on June 15.

According to the notice obtained by The Register, a British tech website, BCLP notified Mondelēz of the breach on March 24. However, it was only on May 22, 2023, that Mondelēz determined the full extent of the impact and concluded that affected individuals should be informed.

It is important to note that the incident did not occur within Mondelēz’s own systems and did not directly affect the company’s operations. Instead, the breach primarily targeted BCLP’s infrastructure and compromised sensitive client data.

Wondering how your salary stacks up against others in your field? Check out LawCrossing’s salary surveys to find out.

The breach had significant repercussions, with the Maine attorney general’s office reporting that a total of 51,110 individuals were affected. BCLP responded swiftly to the incident upon discovery, taking immediate measures to contain it. The firm enlisted the assistance of a leading forensics firm and worked closely with law enforcement throughout the process. BCLP also prioritized communication with the affected stakeholders to ensure transparency and provide necessary support.

A spokesperson for BCLP issued a statement acknowledging the severity of the situation and expressing the firm’s commitment to resolving the matter promptly. Despite the challenges posed by the breach, BCLP remains dedicated to serving its clients and maintaining business continuity.

Mondelēz also emphasized the seriousness of the breach and its proactive response to the incident. The company took immediate action upon being notified, collaborating with its partners to provide assistance to impacted employees.

Unfortunately, cyberattacks and data breaches have become increasingly prevalent within the legal industry. BCLP joins a growing list of Big Law firms that have fallen victim to such incidents in recent years, with both law firm and client data being compromised.

In April, Proskauer Rose confirmed a breach that exposed clients’ data, including sensitive financial information, to hackers. Similarly, in 2021, Goodwin Procter and Jones Day experienced data exposure due to a breach at their tech provider, Accellion (now known as Kiteworks). This incident left confidential client data vulnerable.

Covington & Burling faced a cyberattack in 2020, potentially exposing nonpublic information relating to around 300 corporate clients. In response to the breach, the U.S. Securities and Exchange Commission (SEC) requested that the firm disclose its clients’ names. This request sparked support from over 80 competing firms, asserting that attorney-client privilege should protect the information from the SEC’s reach.

The recurring nature of cyberattacks within the legal sector highlights the critical need for robust cybersecurity measures. Firms must prioritize the security of their systems and client data, implementing comprehensive safeguards to prevent unauthorized access and mitigate potential breaches.

As the BCLP cyber breach investigation continues, affected individuals and stakeholders await further updates and measures to address the breach’s consequences. In an era where data breaches have far-reaching implications, organizations must remain vigilant and proactive in safeguarding sensitive information to protect both their clients and their own integrity.

Don’t be a silent ninja! Let us know your thoughts in the comment section below.

Rachel E: