Cybercriminals are targeting the legal service sector as law firms usually hold large volumes of personal and sensitive information. All types of law firms, be it small or big, government or private, all are under threat at the moment. Recently, Fragomen, an Immigration law firm, disclosed a data breach incident.

What has happened?

While targeting Fragomen, Del Rey, Bernsen & Loewy, LLP, the attackers gained unauthorized access to a single file holding personal information relating to I-9 employment verification services. 
  • The I-9 form includes employee information, including full name, date of birth, social security number, and other identification information.
  • The incident exposed the personal information of several current and former Google employees.
  • Compromised information could be used by cybercriminals to carry out multiple malicious activities, such as identity theft or phishing attacks.

Recent incidents

The frequency of cyberattacks on legal firms has increased during the coronavirus pandemic due to the rapid digitalization law firms are going through. Recently, several cyberattacks were observed targeting Europe and North America. 
  • Seyfarth Shaw LLP became a victim of a sophisticated and aggressive ransomware attack.
  • FIN11, a financially-motivated hacking group, deployed CLOP ransomware to target several sectors, including legal.
  • A global business email compromise campaign was discovered, which targeted over 150 organizations, including law firms.
  • A month ago, the Fourth District Court of Louisiana was attacked by Conti ransomware operators.

Prominent attack vectors

During the last month, ransomware attacks were one of the prominent threats that affected the legal services sector. The ransomware operators first steal and encrypt data. Consequently, they blackmail victims to pay the ransom or threaten to leak their data. Besides, BEC attacks and data theft incidents were observed.


There are many ongoing cyber threats that law firms should be aware of and be prepared to face them. Experts suggest adopting basic cybersecurity practices such as providing training to employees for phishing attacks, backing up important data, and monitoring user access.

Cyware Publisher