Goodwin Procter LLP suffered a data breach after a vendor that it uses for large file transfers was hacked, according to an internal memo obtained by news outlets.
The memo, circulated on Tuesday by managing partner Mark Battencourt, said Goodwin was notified of the security issue on 22 January and immediately stopped using the service. The firm also retained the services of a third-party forensic expert an launched an investigation into the breach.
“Our investigation revealed a small percentage of our clients may have experienced unauthorized access to or acquisition of confidential material” on 20 January, Battencourt said in the memo. "Clients whose data may have been directly impacted as a result of this matter have been notified, and we have also communicated the security incident to all firm clients."
The investigation also revealed that “only a few Goodwin employees were affected” by a breach, all of whom had also been notified. The memo added that none of the firm’s resources appeared to have been impacted other than the file transfer service.
"Please know that we were running the most current version of the service and following all directions to ensure the proper maintenance of the system," the memo said, noting that security patches were being deployed as soon as they were made available.
Goodwin confirmed the accuracy of the memo when approached by Bloomberg, but declined to comment further.
[ymal]
The Boston-based Global 50 firm is only the latest firm to have suffered a data breach. Seyfarth Shaw LLP confirmed in October that it had suffered a ransomware attack, forcing it to shut down several of its systems, and Grubman Shire Meiselas & Sacks confirmed in May that troves of data on their celebrity clients had been stolen by hackers.
Law firms make attractive targets for cyberattacks due to the volume of sensitive information their systems store. Hacking attempts on major firms are rapidly increasing in frequency, prompting many to invest in greater cybersecurity measures for 2021.