In a recent cyber attack on the law firm Stinson LLP, sensitive information about an alleged sex abuse victim involved in the Roman Catholic Diocese of Syracuse bankruptcy case was compromised. The breach, disclosed by Judge Wendy A. Kinsella of the US Bankruptcy Court for the Northern District of New York, was referenced during an unrelated court proceeding dealing with the diocese’s Chapter 11 case.
According to the court, the cyber attack was executed by a threat actor in February, who aimed to secure confidential information for ransom purposes. Stinson LLP, acting as counsel for the committee representing unsecured creditors in the ongoing bankruptcy process, witnessed the illegal access of this sensitive data. The ramifications of this breach are particularly significant given the nature of the information involved.
This incident at Stinson underscores the growing concern over cyber security vulnerabilities within legal firms, particularly those handling high-stakes and sensitive cases. Law firms, like many professional services entities, are increasingly targeted by cybercriminals due to the vast amount of confidential client information they maintain.
Moreover, Stinson’s cyber incident follows a similar attack against the Berkeley Research Group earlier in February, highlighting a troubling pattern of ransom-driven cyber attacks within the legal and consulting sectors. As cyber threats continue to evolve, firms are urged to bolster their security measures to protect client data and maintain the integrity and confidentiality essential to legal practice.