anonym.legal

Record 45 Law Firm Ransomware Attacks in 2023—Is Your Firm Next?

2023 saw a record 45 ransomware attacks on law firms, compromising 1.6 million records. Learn why law firms are prime targets and how to protect client data.

February 18, 2026 · 7 min read
Tags: law firm security, ransomware, legal data breach, attorney-client privilege

A Record-Breaking Year for Law Firm Attacks

2023 marked a grim milestone: 45 ransomware attacks on law firms—the highest number ever recorded. These attacks compromised over 1.6 million records, with ransom demands averaging $2.47 million.

The legal sector has become a prime target for cybercriminals, and the trend shows no signs of slowing.

Why Law Firms Are Prime Targets

Law firms hold some of the most valuable data imaginable:

  1. Client confidences protected by attorney-client privilege
  2. Merger and acquisition details worth millions in insider trading
  3. Litigation strategies opponents would pay to see
  4. Personal information of high-net-worth individuals
  5. Corporate secrets shared during legal proceedings

Cybercriminals know that law firms will pay to protect this data—both from encryption and from public exposure.

The Financial Impact

| Metric | Value | Source |
| --- | --- | --- |
| Average breach cost | $5.08M | Embroker 2024 |
| Average ransom demand | $2.47M | Comparitech |
| Firms with incident response plans | 34% | ABA 2023 |
| Firms that lost client data | 56% | ABA Survey |
| Orrick settlement | $8M | Court filings |

The average cost of a law firm data breach reached $5.08 million in 2024, a 10%+ increase from the previous year. And that is only the direct costs.

Case Study: Orrick, Herrington & Sutcliffe

In November 2024, Orrick agreed to pay $8 million to settle class action claims from a March 2023 data breach.

The breach affected 638,000+ individuals—far more than the 153,000 initially reported. Stolen data included names, addresses, dates of birth, and Social Security numbers.

The irony? Orrick specializes in helping companies that have experienced security breaches.

The Redaction Problem

One of the most common causes of data exposure in law firms isn't sophisticated hacking—it's improper redaction.

Many attorneys still use Word's highlight tool to "redact" documents. This doesn't actually remove data—it just covers it visually. Recipients can:

  • Select and copy the "redacted" text
  • Remove the highlighting
  • Use PDF tools to extract hidden content

Courts have sanctioned attorneys for these failures. One magistrate judge demanded counsel explain why they shouldn't be sanctioned for "technical weakness" in their redaction process.
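
A check for the failure described above, added here as an example (it is not anonym.legal's code): it reads word/document.xml from a .docx and reports runs that are covered by black highlighting or black shading but still carry their text. The function names, the DARK set and the sample document are constructed assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DARK = {"black", "000000"}  # assumption: values treated as "blacked out"


def find_fake_redactions(docx_bytes):
    """Return text of runs that are visually covered but still present in the file."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    hits = []
    for run in root.iter(W + "r"):
        rpr = run.find(W + "rPr")
        if rpr is None:
            continue
        hl = rpr.find(W + "highlight")  # Word's highlight tool
        shd = rpr.find(W + "shd")       # character shading
        covered = (
            (hl is not None and hl.get(W + "val", "").lower() in DARK)
            or (shd is not None and shd.get(W + "fill", "").lower() in DARK)
        )
        text = "".join(t.text or "" for t in run.iter(W + "t"))
        if covered and text.strip():
            hits.append(text)
    return hits


def build_sample_docx():
    """Constructed sample: only the part the checker reads, not a complete .docx."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    xml = (
        f'<w:document {ns}><w:body><w:p>'
        '<w:r><w:t xml:space="preserve">SSN: </w:t></w:r>'
        '<w:r><w:rPr><w:highlight w:val="black"/></w:rPr><w:t>000-00-0000</w:t></w:r>'
        '<w:r><w:rPr><w:highlight w:val="yellow"/></w:rPr><w:t> (verify)</w:t></w:r>'
        '<w:r><w:rPr><w:shd w:val="clear" w:fill="000000"/></w:rPr><w:t>Jane Roe</w:t></w:r>'
        '</w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    for leaked in find_fake_redactions(build_sample_docx()):
        print("recoverable text under cover:", leaked)
```

An empty result only means no black-covered text runs were found in the main document body; headers, footers, comments and tracked changes live in other parts of the package and need their own pass.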

The Solution: True Document Redaction

anonym.legal's Office Add-in provides true redaction in Microsoft Word:

How It Works

  1. Select text in your Word document
  2. Click "Anonymize" in the anonym.legal add-in
  3. PII is detected and replaced with tokens or removed entirely
  4. The underlying text is actually replaced, not just hidden

  • Reversible encryption: Keep originals accessible with encryption keys
  • Batch processing: Process entire case files at once
  • Audit trails: Document what was redacted and when
  • Format preservation: Maintains document formatting

Why Reversibility Matters

Unlike permanent redaction tools, anonym.legal uses AES-256-GCM encryption that can be reversed with the proper key.

This matters for legal work because:

  • Courts may require production of originals
  • Opposing counsel may challenge redactions
  • Internal review may need full documents
  • Auditors may request un-redacted versions

Security Beyond Redaction

Proper redaction is essential, but it's only part of the solution. Law firms also need:

1. AI Chat Protection

Your associates are using ChatGPT for research and drafting. Are they pasting client information?

2. Email Scanning

Before sending documents externally, scan for inadvertent PII exposure.

3. Document Classification

Know which documents contain privileged information before sharing.

Getting Started

Protect your firm today:

  1. Download Office Add-in — True redaction in Word
  2. Install Chrome Extension — Protect AI usage
  3. Start free trial — 200 tokens to test
