Mahony Horner Lawyers, a law firm based in Wellington, New Zealand, has suffered a recent cyberattack, exposing client data and putting them at risk of fraud. The firm is currently working to identify the extent of the breach and the data that have been compromised. In an email sent to clients, the firm explained that it is taking time to analyze the information and determine high-risk data so that they can make individual contact with affected clients.
Unfortunately, the firm believes that copies of clients’ driver’s licenses or passports may have been included in the data taken by the unauthorized third party. One affected client expressed his frustration, stating that confidential information about legal matters has been exposed. The client criticized the firm for not encrypting the sensitive data, emphasizing the importance of data protection in such cases. The firm has confirmed that driver’s licenses and passports are among the exposed data.
As a measure to mitigate the impact of the breach, Mahony Horner Lawyers has offered to cover the costs of license replacements for affected clients. Additionally, the firm’s principal, Elspeth Horner, advised clients to contact the Department of Internal Affairs to have an alert placed on their passports.
Moving to the United States, officials in Rhode Island have confirmed that nearly 14,000 state workers and retirees have had their personal data exposed in a third-party data breach. The incident involved the popular MOVEit file transfer application, which was compromised, leading to the exposure of sensitive information. PBI Research Services, a contractor for Teachers Insurance and Annuity Association of America (TIAA), used MOVEit to transfer encrypted files. While TIAA servers were not directly compromised, the data shared with PBI was at risk.
State officials discovered that the personal data of beneficiaries enrolled in Rhode Island’s 401(a) Defined Contribution Retirement Plan, 457(b) Deferred Compensation Plan, and the FICA Alternative Retirement Income Security Program were exposed by the breach. The Rhode Island General Treasurer James Diossa’s spokesperson emphasized their commitment to protecting pensioners’ private information and stated that they are closely monitoring the situation.
The education sector has also been a target for cyberattacks, particularly higher education institutions. These institutions collect a large volume of personal data, making them attractive targets for hackers. The COVID-19 pandemic further heightened the threat as schools had to rely more on digital platforms for educational purposes. Despite some institutions implementing advanced protections, hackers have adapted to new security measures and continue to find ways to circumvent them.
A recent report from cybersecurity company SonicWall revealed that ransomware attacks and traditional malware attacks have increased between 2021 and 2022. Phishing operations targeting colleges and universities have also become more sophisticated, with the aim of trapping more victims. These attacks come with significant financial costs, both for the institutions themselves and the students who are impacted. Recent reports indicate that data breaches cost each affected student an average of $250.
Experts in the field suggest several measures that higher education institutions can take to enhance cybersecurity. Suraj Mohandas, Vice President of Strategy at mobile device management software company Jamf, emphasizes the need to address vulnerabilities in university systems, update technology, and strengthen online forms that may serve as entry points for hackers. Leslie DeCato, interim senior director of information security at California State University’s Chancellor’s Office, recommends regular vulnerability testing, updated cybersecurity plans, and the implementation of multifactor authentication.
Furthermore, DeCato emphasizes the importance of developing an incident response plan, fostering collaboration, and providing continuous cybersecurity education. By prioritizing these measures, institutions can better protect sensitive data, intellectual property, and their reputation.
In conclusion, the recent cyber attacks on Mahony Horner Lawyers and the Rhode Island state workers highlight the ongoing challenge of protecting client and personal data from unauthorized access. As cybercriminals continue to evolve their tactics, businesses and institutions must reinforce their cybersecurity measures to mitigate the risks.