X

Quinn Emanuel Discloses Limited Client Data Breach in Recent Cyber Attack

On Friday, U.S. law firm Quinn Emanuel Urquhart & Sullivan disclosed a concerning cybersecurity attack that had potentially exposed client information. The firm revealed that one of its electronic discovery vendors fell victim to a ransomware attack last year, impacting a limited portion of their clients and matters. This incident has raised concerns about the security of sensitive legal data and highlights the risks associated with third-party vendors in the legal industry.

Confirming the incident to Reuters on Monday, Quinn Emanuel stated that the cyberattack targeted a third-party data center used for document management on behalf of some clients. Fortunately, the attack was contained within a small subset of their client base. The firm emphasized that its internal network infrastructure remained unaffected.

While the law firm did not disclose the identity of the third-party vendor, it informed California authorities about the breach and took the necessary steps to notify fewer than 2,000 individuals affected by the incident.

See also: Miami Mayor Temporarily Steps Down from Quinn Emanuel to Pursue Presidential Campaign

According to the notice filed with the California attorney general’s office, the unauthorized access or acquisition of data occurred between May 13 and 14, 2022. The unnamed vendor played a crucial role in collecting and processing e-discovery data for Quinn Emanuel, a prominent business litigation firm boasting over 1,000 lawyers.

Make hiring a breeze – trust BCG Attorney Search to find the best candidates for your firm.

The notice, dated June 20, omitted specific details, including the type of personal information that might have been compromised during the attack. However, it is apparent that the breach involved sensitive and confidential data, given the nature of the firm’s legal services across various industries.

In the wake of the attack, Quinn Emanuel swiftly engaged cyber and forensic experts to assess the scope of the breach. Collaborating with law enforcement authorities, the firm aimed to prevent further breaches and recover the electronic discovery material that might have been compromised.

This incident echoes previous cybersecurity breaches that targeted third-party vendors serving law firms. Notably, in 2021, major law firms such as Jones Day and Goodwin Procter encountered a large-scale breach through the third-party file transfer vendor Accellion.

The increased reliance on third-party vendors for critical services exposes law firms to additional cybersecurity risks, warranting a comprehensive approach to vendor risk management. Firms must vet and ensure the robust security measures of their vendors, especially those handling sensitive data.

Quinn Emanuel’s cybersecurity incident is part of a concerning trend impacting the legal industry. With law firms, legal services providers, and their clients’ data becoming lucrative targets for cybercriminals, robust cybersecurity measures are paramount.

Besides Quinn Emanuel, several other prominent law firms reported cybersecurity incidents to the California attorney general’s office in July between 2022 and 2023. Orrick, Herrington & Sutcliffe; Cadwalader, Wickersham & Taft; Loeb & Loeb; and Gibson, Dunn & Crutcher were among those affected.

Bryan Cave Leighton Paisner (BCLP), another well-established law firm, recently faced its own data breach. The breach came to light after food giant Mondelez International, a client of BCLP, disclosed unauthorized access to the law firm’s systems between February 23 and March 1, 2023. The incident led to at least two lawsuits against both BCLP and Mondelez, underscoring the potential legal ramifications following cybersecurity breaches in the legal sector.

The cyber attack on Quinn Emanuel Urquhart & Sullivan’s third-party vendor is a stark reminder of the vulnerabilities in the legal industry’s data security practices. With sensitive client data at stake, law firms must adopt robust cybersecurity measures, enhance vendor risk management protocols, and stay vigilant against emerging cyber threats. As cybercriminals continue to evolve their tactics, the legal sector must respond with proactive cybersecurity strategies to protect their clients, reputation, and business operations.

Don’t be a silent ninja! Let us know your thoughts in the comment section below.

Rachel E: