Goodwin Procter reports data breach from hack of third-party vendor
Image from Shutterstock.com.
Goodwin Procter was hacked through a third-party vendor used for large file transfers, the law firm has revealed in an internal memo.
The memo reported that a “small percentage of our clients may have experienced unauthorized access to or acquisition of confidential information.”
Bloomberg Law obtained the memo and broke the news. Law.com and Thomson Reuters Legal followed with stories.
Goodwin Procter confirmed the authenticity of the memo to Bloomberg Law but did not comment further.
Mark Bettencourt, managing partner at Goodwin Procter, said in the memo affected clients have been told that their information may have been accessed. A few law firm employees were also affected and informed. All clients were told about the breach.
The vendor told Goodwin Procter on Jan. 22 about the hack, which likely affected multiple customers of the file transfer service, Bettencourt said in the memo.
The law firm hired a forensics expert for an investigation.
Bloomberg recounted several cybersecurity incidents at law firms, including a malware attack on Seyfarth Shaw in October, a ransomware attack on DLA Piper in 2017, and breaches last year at Fragomen and Cadwalader, Wickersham & Taft.
