One of the best ways to understand how Safelaw can help protect your law firm is to look at examples of various incidents and their corresponding costs. Below you will find several examples of claims, each with a description and the cost of the incident.
Data Breach Liability (Confidentiality)
A law firm handling Qui Tam cases suffered an accidental data breach resulting in legal liability and disciplinary proceedings for alleged ethical violations. The firm used a cloud storage service for all firm data. The cloud storage provider offered two tiers of service to clients, free and premium. Data in the “free” storage service is searchable and can be downloaded by other customers. The firm neglected to pay their renewal fees for the “premium” service, so the firm’s account reverted to the “free” service and all of the firm’s data was searchable and available online for several months. During that time, numerous parties downloaded the details of a sensitive whistleblower case. As a result, the firm faced a lawsuit from the former client in the whistleblower case as well as a disciplinary proceeding. Several other suits from other current and former clients are also pending.
Notification Expense: $27,000
Defense Expense: $305,000
Fines & Penalties: $120,000
Note: pending suits from other clients are not included in loss amounts listed above.
System Interruption (Virus)
A firm specializing in intellectual property suffered a “time bomb” style computer virus attack that appears to have been targeted at the firm. Once activated, the virus destroyed large portions of the firm’s data including numerous pending intellectual property filings. The firm struggled to notify clients and rebuild their databases quickly from damaged backups and paper files. Although the firm successfully recovered over 95% of the damaged information, many legal deadlines were missed including patent filings and court filings. The liability associated with this claim remains to be seen.
Forensics Expense: $17,200
Data Restoration Expense: $41,000
Loss of Billable Hours: $161,000
Data Damage (Accidental)
A small firm lost all of their data including backups from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had 3 lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm. In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backed up the emails on the server, formatted the hard drive and reinstalled all the software. The IT administrator did not remember to back up the data from the smaller firm before formatting the hard drive. The firm suffered an interruption of operations as a result and incurred significant expense to recover the data manually.
Data Restoration Expense: $23,000
Loss of Billable Hours: $8,900
Media Liability (Intellectual Property)
A firm seeking to improve their search engine placement purchased the name of a competing law firm from the Google AdWords system. Each time a potential client searched for the competing law firm’s website, the number one search result was the website for the firm that purchased the AdWord instead. Nearly 12 months later, the competing firm discovered their name was being used by a competitor and brought suit against the firm that purchased their name as an AdWord. The suit alleged Trademark/Servicemark infringement and dilution, false advertising, and fraud. The firm claimed to have lost over $3,500,000 due to the infringing activity.
Defense Expense: $635,000
Fraudulent Funds Transfer (Social Engineering)
A law firm acting as a “closing agent” for real estate transactions was tricked into sending $170,000 to a cyber thief. The firm received an e-mail purporting to be from the seller’s agent instructing the firm to wire the funds to the seller’s account. The firm transferred the money held in escrow to the seller’s account. However, the email wasn’t actually from the seller and the wire transfer instructions were bogus. The deal fell through, the buyer made a demand for the $170,000 and threatened suit against the firm. The firm opted to pay the $170,000 to the client rather than fight a lawsuit. In addition, the firm is being investigated for a trust account violation and may face a disciplinary proceeding.
Theft of Money: $170,000
Defense Expense: pending
Fines and Penalties: pending
Data Breach Liability (Privacy)
A firm specializing in immigration law was sued by their clients due to a data breach. The firm represents large companies who routinely bring foreign workers into the country on work visas etc. The potential employees were required to input their personal information on the firm website for the firm to use to apply for work documentation. A person inputting information informed the firm that he could see other individuals’ information. When the firm hired IT specialists to perform penetration testing, they discovered the firm’s database of over 10,500 potential employees had been compromised. Currently, the firm has only been subject to one suit from a former commercial client. They have also received demands from individual employees.
Forensics Expense: $32,000
Notification Expense: $21,300
Defense Expense: $65,000 (ongoing)
Lost Business: Pending
System Interruption (Accident)
An independent contractor working for a firm made a mistake during a systemwide upgrade that caused significant loss of data and 9 days of system downtime. The contractor installed incompatible software during an upgrade, which resulted in the firm’s data being destroyed during the data migration. In addition, the firm’s software had to be removed and reinstalled on all machines.
Forensics Expense: $34,700
Data Restoration Expense: $114,000
Loss of Billable Hours: $81,600
Data Damage (Hacker)
A disgruntled former employee of a law firm gained unauthorized access to the law firm’s computer system, inserted spyware to spy on executives and began deleting files. At first, the firm thought they had a virus and took steps to eradicate the malicious code. However, every time they rebooted the system, files started being deleted again. Ultimately, the firm contacted forensic experts for help and eventually discovered that it wasn’t a virus. The forensics firm determined the attack was coming from an external source and closed the backdoor. By the time the firm closed the back door into their computer system, the former employee had deleted over 100 gigabytes of data.
Data Restoration Expense: $23,000
Loss of Billable Hours: $8,900
A small firm specializing in divorce, other domestic matters, and mediations was the victim of a ransomware attack that “locked” client files so they could not be accessed. The hackers demanded $3,000 to unlock files. The firm paid the extortion demand through Bitcoin, but the password provided by the extortionist didn’t fully unlock the files. An outside IT company was called in, and all files were able to be retrieved and backed up.
Extortion Monies: $3,125
Data Restoration: $4,700