Hat tip to a loyal reader who sent word yesterday of: “Goodwin Points to 3rd-Party Vendor as Root of Data Breach” —
- “Goodwin Procter found itself the victim of a cyberattack, the firm acknowledged Tuesday, after a vendor to the firm that handles large file transfers was hacked, allowing the intruders to access data the third party had handled for the law firm.”
- “Bettencourt stated in the memo that the firm believes Goodwin was not the only client of the vendor that was affected by the breach.”
- “The memo stated that after being notified of the breach, Goodwin disconnected the vendor from its network and ‘halted use of service for any transfers,’ hired an independent forensic security expert and opened its own investigation into the matter.”
- “The investigation also revealed that a few Goodwin workers were impacted by the breach, the memo said. It did not appear that the firm’s human resources system or any firm resources, other than the file transfer service, were impacted, according to the memo. The firm believes that the vendor’s security issue impacted several of the vendor’s customers, not just Goodwin, the memo said.”
- “‘Please know that we were running the most current version of the service and following all directions to ensure the proper maintenance of the system,’ the memo said. ‘This included deploying security patches as soon as [they] were made available to us.'”
Thinking of that eventual report brings to mind recent news about security forensics privilege matters.