Data Breach Highlight: Leading Law Firms Take A Hit

April 01, 2016 By Risk Based Security


Cravath Swaine & Moore LLP and Weil, Gotshal & Manges LLP

How many impacted:



Occurred: Mid 2015

Reported: March 29, 2016

What Happened:

Details are murky as to what, exactly, has taken place within the networks of two of Wall Street’s most trusted law firms. According to initial reporting by the Wall Street Journal, both Cravath Swaine & Moore and Weil, Gotshal & Manges were the subject of unauthorized intrusions beginning as early as the summer of 2015. Both the FBI and Manhattan’s U.S. attorney’s office have launched investigations into the incidents. Neither firm is saying much on record about the intrusions or what type of data may have been compromised. The WSJ, however, is reporting that “federal investigators are exploring whether [hackers] stole confidential information for the purpose of insider trading.”

Why It Matters:

In a year that has already seen more than its fair share of data theft for tax fraud, it can be easy to lose sight of the fact that some of the most valuable information around has nothing to do with personal details, bank accounts or credit card numbers. Rather, insider intelligence that can be used to exploit or manipulate financial markets is a highly prized target and the theft of such data can have implications far beyond the typical breach. Cravath Swaine is renowned for their prowess when it comes to mergers and acquisitions while Weil is the go-to firm for high stakes corporate finance and complex transactions. By the very nature of their practices, both firms are privy to a treasure trove of information perfect for getting the inside scoop on the type of deals that move markets.

If these two venerable firms were breached for their client data, they certainly are not alone in being targeted for insider information. On March 23rd, the SEC announced they had reached an $18M dollar settlement with 7 defendants that allegedly benefited from a scheme to steal press releases from Business Wire, Marketwired and PR Newswire. The press releases in question were previously undisclosed announcements of upcoming corporate deals. All in, 34 defendants are accused of netting approximately $100M of illegally gained profits from the scheme. Dow Jones & Co. was seemingly targeted for the type of data theft, with allegations emerging in October of last year that Russian hackers compromised their systems for insider trading tips. Even the Federal Reserve Board of Governors has experienced issues with leaking highly sensitive market data. News broke in December 2014 that confidential minutes from a FOMC meeting had made their way into a report by Medley Global Advisors a day ahead their scheduled release. Astute readers of the report had the opportunity to capitalize on falling U.S. Treasury securities’ prices which took place shortly after the meeting minutes were released to the general public.

The events at Cravath Swaine, Weil, the wire services and the Fed show just how far some individuals are willing to go to gain the upper hand in trading systems that should, in theory, be an even playing field for all. With tens or even hundreds of millions of dollars at stake, organizations cannot afford to lose sight of fact that insider information is some of the most valuable data out there.

Here we are on April Fools day in 2016 and our research shows there have already been over 632 data breaches disclosed and more than 177 million records compromised. 2015 was a record breaking year with more than 4,027 incidents reported. If the current pace of breach activity continues, 2016 may turn out to be just as extraordinary as 2015 and for all the wrong reasons.

Filed Under: Data Breaches, News, Data Breach Highlight

Subscribe to Email Updates