It is unlikely that, by now, you have not heard about the Panama Papers. On Sunday, over a hundred news outlets, working together, released stories based on the internal documents of a Panama and Las Vegas based law firm.
Working from 2.73 terabytes of data stolen from that law firm representing almost 5 million emails, 2 million PDFs, 5 million database files and other documents, these reporters traced billions of dollars in hidden assets, much of that linked to world leaders such as Putin.
Whether you think these people are heroes or terrorists, the point is that they decided to out this law firm and I suspect, given who their clients are reputed to be, it will be a life altering event for the firm.
On a sheer scale, this is 2,000 TIMES the size of the WikiLeaks State Department cable disclosure.
Not only will this have ramifications for the law firm of Mossack Fonseca, but now a number of governments are saying that they are going to start investigating some of these claims. That means, for the people named, no matter how this ends up, their lives will never be the same either.
For that law firm and the hundreds of people who work for it, their lives will likely be changed as well, It is reasonable to assume that some customers – maybe a significant number – will leave the firm, meaning employees may lose their jobs.
Now onto the second law firm breach story in the past week.
Last week the Wall Street Journal reported that hackers broke into a number of the nation’s top law firms, likely for the purpose of stealing confidential information to use for insider trading, Two firms were named as having been breached – Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. The hackers claimed to have hacked into more, unnamed, firms and are threatening to attack more firms.
Cravath said the incident happened last summer and they are not aware of the information being used illegally – which, of course, does not mean that it was not used illegally, but rather that the hackers did not tell them how they planned to use the information. Weil declined to comment.
These two cases point to two different motives – the first being to embarrass the law firms and their clients (and possibly to get both of them charged with crimes and convicted), the second is to make a lot of money. The J.P. Morgan Chase hackers from 2013 supposedly made over a hundred million dollars before they got caught – if they had been a little less greedy they might not have been caught.
What all professional service firms – lawyers, accountants, financial advisors, brokers, etc. need to understand is that the information that they collect can be extremely valuable to people with a motive. On the other hand, there are tens of thousands of targets of opportunity. For the most part – and it is possible that Fonseca was an exception, but maybe not – these attackers use the spray and pray methodology favored by many terrorists. Try to attack a thousand firms and see where you get in. Move on from there.
My, admittedly biased, recommendation is that if you run one of these professional service firms and you business depends on your reputation, you need to get ahead of this freight train and hunker down. Otherwise your’s may be the next name on the front page of the Journal.