Some of the UK’s biggest law firms may have been compromised after confidential data including email addresses were found on the dark web.
Cybersecurity specialists from RepKnight say more than a million credentials have been leaked, leaving law firms vulnerable to cyberattacks such as phishing or data theft.
On average, 2,000 email addresses per company were found to have been compromised, with the biggest victim having more than 30,000 email addresses stolen.
However, almost all credentials weren’t taken directly from these law firms, but from third parties instead, with sites like LinkedIn or Dropbox thought to be the hackers’ biggest sources of information.
RepKnight said that 80 per cent of email addresses featured in breaches also contained passwords, sometimes even in plain text. These passwords could potentially be used to gain access to private data including banking or social media credentials. It could also be leveraged for phishing attacks, as more than 80 per cent of people re-use old passwords.
Patrick Martin, cybersecurity analyst at RepKnight said: “The truth is that no company in the world is safe from the threat of the dark web. The top 500 law firms RepKnight analysed almost certainly haven’t done anything wrong cybersecurity-wise, but all it takes for a breach to occur nowadays is for a single employee to accidentally fall for a phishing email or send sensitive data via email accidentally to the wrong person. It’s almost impossible to prevent.
“The data we found represents the easiest data to find– we just searched on the corporate email domain. A far bigger issue for law firms is data breaches of highly sensitive information about client cases, customer contact information, or employee personal info such as home addresses, medical record and HR files. That’s why - in addition to securing their networks - every firm should be deploying a dark web monitoring solution, so they can get alerted to leaks and breaches immediately.”
Image source: Shutterstock/kpatyhka