10 comments

[ 3.3 ms ] story [ 31.9 ms ] thread
Is this anything but a curiosity?

My friend who fixes cars after an accident had, you guessed it, an accident.

Was his job supposed to make him immune?

One might think after seeing in detail how hundreds of other data breaches occurred and adversely affected others, the firm should have been uniquely well-educated and motivated to prevent such attached.
You would think :)

But all this shows is once again, bonuses and short term profits count far more than spending on competent cyber security.

Perhaps they were so successful at getting their clients minimal punishments that they didn't see a need to meaningfully invest in proper IT security compared to the inevitable slap on the wrist.
No organization is immune from data breaches. That's pretty much the first rule. All you can do is mitigate the risk, you can't eliminate it. Being a law firm that handles data breaches certainly doesn't make them unhackable, especially if it makes them a target.
They're not a tech firm specializing in breach prevention, but a law firm handling breach fall-out, aka the PR/comms playbook. They probably know better than anyone that there's zero liability, so why spend resources or worry about preventing them?
I don't think it would have made it to HN but for the increasingly common expectation of behaving on HN exactly like reddit
As surprising as an oncologist getting cancer.
Well, they can handle that
Breach response is different from preventing breaches.