Quinn Emanuel Law Firm Reports Fifth-Party Data Breach

Law firms getting breached is, unfortunately, no longer big news. Law firms Orrick, Herrington & Sutcliffe, Cadwalader, Wickersham & Taft, Loeb & Loeb and Gibson, Dunn and Crutcher all reported breaches to the California attorney general in July.

Bryan Cave Leighton Paisner also reported a breach recently.

All of these are very large firms. Imagine what is happening at small firms – they may not even know that hackers are inside, which, of course, the hackers like.

Here are some details on the Orrick breach.

The Orrick law firm was handling a lawsuit for one of their clients.

As is typical, since most law firms do not have the expertise to conduct eDiscovery, they subcontracted that out.

Orrick is a third party to the client who suffered is a party to the lawsuit.

The forensics/eDiscovery vendor, QEUS collects “relevant data from our clients and opposing parties”. QEUS is a fourth party.

QEUS hosts their data in a data center. Whose data center – they are not saying right now. That data center was attacked and QEUS suffered a ransomware attack. LAST YEAR. The data center would be a fifth party.

Quinn made a point to note that it was not their network infrastructure that was compromised. I am sure that made the 2,000 people to whom they sent breach notices feel much better.

I doubt it will make much of a difference to the class action attorneys who likely will sue Quinn Emanuel.

It is unclear what impact the breach will have on the case or cases related to the data.

Hopefully, it is becoming very clear to our readers that law firms are a hot target. Even if this was a coincidence, the consequences are significant. What if Quinn’s client loses their case as a result of the breach? What if the breach nullifies attorney-client privilege?

Is your law firm or firms secure? How do you know? If you need assistance, please contact us.

Credit: Reuters

by