One might think after seeing in detail how hundreds of other data breaches occurred and adversely affected others, the firm should have been uniquely well-educated and motivated to prevent such attached.
Perhaps they were so successful at getting their clients minimal punishments that they didn't see a need to meaningfully invest in proper IT security compared to the inevitable slap on the wrist.
No organization is immune from data breaches. That's pretty much the first rule. All you can do is mitigate the risk, you can't eliminate it. Being a law firm that handles data breaches certainly doesn't make them unhackable, especially if it makes them a target.
They're not a tech firm specializing in breach prevention, but a law firm handling breach fall-out, aka the PR/comms playbook. They probably know better than anyone that there's zero liability, so why spend resources or worry about preventing them?
10 comments
[ 3.3 ms ] story [ 31.9 ms ] threadMy friend who fixes cars after an accident had, you guessed it, an accident.
Was his job supposed to make him immune?
But all this shows is once again, bonuses and short term profits count far more than spending on competent cyber security.