Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online
Michael Marriott
Read More From Michael Marriott
November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who exploit their personal information to cause financial, brand or reputational damage – or even physical harm. Law firms are among the targets for this type of criminal activity as they possess sensitive data that threat actors can monetize, including: intellectual property (IP), merger and acquisition (M&A) details, as well as strategy and financial insights about their corporate clients.

A regional law firm recently discovered key employee details exposed online for its Chief Counsel. A closer look revealed information that left the top attorney’s family vulnerable.

Data Loss Can Leave VIPs Exposed

Social media spoofing, over-sharing or personally identifiable information (PII) exposed in data breaches can leave corporate executives, board members, key technical employees and public figures exposed with damaging consequences. The exposed data is used for profit by the attackers or sold on the open, deep, and dark web for others to use as they wish. Below are just a few examples of how this data is obtained and used.

VIP Exposure attack techniques

Figure 1: Some examples of the attack techniques and risks associated with VIP Exposure.

Detecting and Mitigating VIP Exposure

In the case of this law firm, the sensitive information found online would have been extremely useful for attackers performing spear phishing or doxing campaigns.

Upon further investigation, the information found in Pastebin – including family names and home addresses – was confirmed to be valid. The law firm took swift action and removed the content, thereby mitigating the risk. They also used the experience to update employee training and provided tips for how best to reduce the risk.

See how Digital Shadows SearchLight™ helps clients monitor for, investigate and mitigate digital risks, including VIP Exposure: Test drive SearchLight™ free here.

 

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion...
SearchLight’s Credential Validation: Only Focus on What Matters

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat...
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t...