Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online
Michael Marriott
Read More From Michael Marriott
November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who exploit their personal information to cause financial, brand or reputational damage – or even physical harm. Law firms are among the targets for this type of criminal activity as they possess sensitive data that threat actors can monetize, including: intellectual property (IP), merger and acquisition (M&A) details, as well as strategy and financial insights about their corporate clients.

A regional law firm recently discovered key employee details exposed online for its Chief Counsel. A closer look revealed information that left the top attorney’s family vulnerable.

Data Loss Can Leave VIPs Exposed

Social media spoofing, over-sharing or personally identifiable information (PII) exposed in data breaches can leave corporate executives, board members, key technical employees and public figures exposed with damaging consequences. The exposed data is used for profit by the attackers or sold on the open, deep, and dark web for others to use as they wish. Below are just a few examples of how this data is obtained and used.

VIP Exposure attack techniques

Figure 1: Some examples of the attack techniques and risks associated with VIP Exposure.

Detecting and Mitigating VIP Exposure

In the case of this law firm, the sensitive information found online would have been extremely useful for attackers performing spear phishing or doxing campaigns.

Upon further investigation, the information found in Pastebin – including family names and home addresses – was confirmed to be valid. The law firm took swift action and removed the content, thereby mitigating the risk. They also used the experience to update employee training and provided tips for how best to reduce the risk.

See how Digital Shadows SearchLight™ helps clients monitor for, investigate and mitigate digital risks, including VIP Exposure: Test drive SearchLight™ free here.

 

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.

Related Posts

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair...
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing...