The website for Puckett & Faraj, the military law firm that defended a U.S. Marine court-martialed for his role role in the Haditha killings, remains down after suffering a devastating cyber attack by hacker collective Anonymous, but the bigger question is if the law firm can survive the fallout of the security breach. Such a prospect arose on Monday when Anonymous released e-mails of employees scrambling to get a grip of the cyber attack, suggesting that the hacker group still had control of some of the firm's IT. In an e-mail on Friday, one employee wrote a warning to her mother:
It's not clear why that employee thought the firm could be toast but a posting by Anonymous claims the attack was comprehensive. "The contents of these email messages include detailed records, transcripts, testimony, trial evidence, and legal defense donation records pertaining to not only Frank Wuterich [the only Marine convicted in the Haditha massacre] but also many other marines they have represented." In another released e-mail, an employee says "all of our e-mails and client information" have been taken and " for now, we're not able to do any business."
To get a sense of how this could cripple a firm, we spoke with Jack Walker, a former partner at Latham & Watkins who currently consults law firms for the Zeughauser Group. "If all the electronic files of a law firm were put out in public it would be pretty nuclear," he said. He noted that the leak could invite a wave of lawsuits from clients whose confidential communications were leaked, such as the weakness of their cases, their personal indiscretions and vulnerabilities, their ability to sustain a lawsuit, personal financial information and to what extent they'd be willing to settle a given case.
The key issue with surviving lawsuits would be whether or not the firm took reasonable precautions to safeguard its client information. Another factor would be whether the firm's malpractice insurance covers the security breach, said Walker.
Making matters worse, you have prospective clients who may turn away their business with a firm that seems to have a cyber security problem. In terms of on-going cases, Walker said the publication of internal documents and strategizing could "make cases go away that are pretty good cases" for the firm. In summary, it sounds like it could be a huge mess.