I will tell you about a story that caught my attention today. Pillsbury, a large U.S. law firm, is now dealing with class-action lawsuits due to a data breach that occurred in April. And honestly, the facts made me think, “How did this happen?”
What happened in April?
Pillsbury states that one of its employees fell victim to a social engineering attack.
Once in, the hacker compromised their systems and downloaded firm documents.
The firm then discovered the data breach and attempted to terminate the attack, but it was too late.
This seems to be an all too common occurrence with this type of attack, and I ask again: why do humans fall for this type of practical joke?
What data was exposed?
The lawsuit says the hacker compromised highly sensitive personally identifiable information, such as:
- Names
- Social Security numbers
- Dates of birth
- Home addresses
- Bank account information
Who is taking Pillsbury to court?
A resident of Texas filed the suit in a federal court in Manhattan.
The lawsuit claims Pillsbury failed to adequately protect the data and failed to notify people about the issue within an acceptable time.
The lawsuit seeks more than $5 million in damages and purports to represent everyone in the United States who was affected.
Honestly, if my data got leaked and no one told me promptly, I would be upset, wouldn't you?
Why does it matter?
Law firms hold extremely sensitive data
Law firms store their client information, legal files, and other personal employee information. So when their systems are breached, the impact of the breach is felt by several groups at once.
This breach was a social engineering attack
This did not involve some elite hacker breaching firewalls. All that happened was that someone socially engineered an employee. And that makes the situation even worse, because, at least for me, knowing that human error also opens a huge door to attackers is even scarier.
Law firms are now facing increasing lawsuits
Pillsbury isn't the only American law firm on the receiving end of this type of situation. So this raises the question: are law firms actually that serious about their cybersecurity apparatus?
That Said...
If I were working for Pillsbury or gave them any sort of data, I would do the following:
- Check my bank statements
- Check my credit reports actively
- Avoid clicking any suspicious emails
- Be prepared to freeze my credit if I did indeed have any concerns about my data
As for employees who fall for these types of scams, I believe it would be helpful for every organization, not just law firms, to have employee onboarding that better trains employees to avoid falling for these kinds of attacks.
Final Thoughts
To sum it up, Pillsbury is facing class action lawsuits because a cyber attack in April exposed sensitive personal data, and because of allegations that the firm didn't protect it sufficiently.
It is a clear reminder that even esteemed and elite establishments can make mistakes. Even a small mistake can turn into a massive one.