A security lapse at Proskauer Rose, a prominent international law firm based in New York City, has resulted in the exposure of sensitive client data for more than six months. The incident was discovered by TechCrunch, which obtained information from a person with knowledge of the matter.
Data Exposed on Unsecured Cloud Server
The exposed data was stored on an unsecured Microsoft Azure cloud server belonging to Proskauer’s merger and acquisitions business. According to the source, the data was accessible via a web browser by anyone who knew where to look, containing private and privileged financial and legal documents, contracts, non-disclosure agreements, financial deals, and files related to high-profile acquisitions.
GrayHatWarfare Discovers Exposed Cloud Server
The exposed cloud server was discovered by GrayHatWarfare, a searchable database that indexes publicly visible cloud storage and files. The data is believed to have been left public for at least six months before being secured.
Proskauer Responds to Incident
When reached for comment, Proskauer declined to answer questions related to the quantity and nature of the exposed data but did not dispute the claims. In an email to TechCrunch, Proskauer stated that they recently learned that "an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it." The law firm declined to name the vendor.
Investigation Ongoing
Proskauer’s IT security team immediately took steps to reconfigure the site and secure its data. The law firm is currently investigating the incident, working with in-house and third-party cybersecurity experts to confirm their understanding of the facts. Proskauer emphasized that they take the protection of client data "incredibly seriously" and are taking aggressive steps to monitor and protect against unauthorized access or use.
Communication with Affected Parties
Proskauer’s spokesperson, Joanne Southern, stated that the law firm will communicate promptly with all affected parties as soon as they gain sufficient information to do so responsibly. However, it is unclear how many clients have been informed of the data breach, given that Proskauer’s website lists Major League Baseball and Morgan Stanley as clients.
Background on Data Breaches
Data breaches are a common occurrence in the digital age, often caused by human error or misconfiguration of servers. According to various reports, server misconfigurations can be caused by a range of factors, including inadequate security protocols, lack of training for IT staff, and inadequate testing of new systems.
Related Topics
- Cloud Computing: The use of cloud-based services, such as Microsoft Azure, to store and process data.
- Cybersecurity: The practice of protecting digital information from unauthorized access or use.
- Data Breach: An incident where sensitive data is exposed or stolen due to a security lapse.
- Mergers and Acquisitions: A business strategy involving the combination of two or more companies.
Conclusion
The exposure of sensitive client data by Proskauer Rose highlights the importance of robust cybersecurity measures in protecting against unauthorized access or use. As technology continues to evolve, law firms and other organizations must prioritize digital security to safeguard their clients’ interests.
Recommendations for Law Firms
- Conduct Regular Security Audits: Engage third-party experts to conduct regular security audits to identify vulnerabilities and ensure compliance with industry standards.
- Implement Robust Access Controls: Establish strict access controls, including multi-factor authentication, to prevent unauthorized access to sensitive data.
- Provide Ongoing Training for IT Staff: Ensure that IT staff receive ongoing training on the latest cybersecurity threats and best practices.
Recommendations for Organizations
- Prioritize Digital Security: Treat digital security as a top priority by allocating sufficient resources and budget to implement robust security measures.
- Establish Incident Response Plans: Develop incident response plans to quickly respond to data breaches and minimize the impact on clients.
- Communicate Transparently with Affected Parties: When notified of a data breach, communicate promptly and transparently with affected parties to maintain trust.
Sources
- TechCrunch: Proskauer Rose Exposes Sensitive Client Data for Over Six Months
- Proskauer Rose: Statement on Data Breach
- GrayHatWarfare: Exposed Cloud Server Discovery
Note: This article is for informational purposes only and does not constitute legal or professional advice. If you are a law firm or organization experiencing a data breach, seek immediate assistance from cybersecurity experts to minimize the impact on clients.
Update
Since publishing this article, we have received updates regarding the data breach at Proskauer Rose. The law firm has confirmed that the exposed data was accessed by unauthorized parties, and they are working with authorities to investigate the incident.
We recommend that organizations take immediate action to protect their client data by implementing robust security measures and establishing incident response plans.
